
CVSS: 8.7 • EPSS: 0% • CPEs: 6 • EXPL: 0

09 Apr 2025 — An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart. This issue affects Junos OS on SRX Series: * All 21.4 versions, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 version... • https://supportportal.juniper.net/JSA96470 • CWE-130: Improper Handling of Length Parameter Inconsistency •

CVSS: 8.7 • EPSS: 0% • CPEs: 7 • EXPL: 0

09 Apr 2025 — A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops fo... • https://supportportal.juniper.net/JSA96469 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 8.7 • EPSS: 0% • CPEs: 8 • EXPL: 0

09 Apr 2025 — An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, sub... • https://supportportal.juniper.net/JSA96466 • CWE-167: Improper Handling of Additional Special Element •

CVSS: 6.8 • EPSS: 0% • CPEs: 14 • EXPL: 0

09 Apr 2025 — An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS). When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * fro... • https://supportportal.juniper.net/JSA96462 • CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 8.7 • EPSS: 0% • CPEs: 6 • EXPL: 0

09 Apr 2025 — An Improper Input Validation vulnerability in the syslog stream TCP transport of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs. Continued receipt and processing of these specific packets will sustain the DoS condition. This issue affects Junos OS: * All versions before 22.2R3-S6, * from 22.4 before 22.4R3-S4, * from 2... • https://supportportal.juniper.net/JSA96459 • CWE-20: Improper Input Validation •

CVSS: 7.4 • EPSS: 0% • CPEs: 11 • EXPL: 0

09 Apr 2025 — An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS. The DHCP process will restart automatically to recover the ... • https://supportportal.juniper.net/JSA96458 • CWE-20: Improper Input Validation •

CVSS: 7.1 • EPSS: 0% • CPEs: 7 • EXPL: 0

09 Apr 2025 — A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash. user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interru... • https://supportportal.juniper.net/JSA96457 • CWE-401: Missing Release of Memory after Effective Lifetime •

CVSS: 7.1 • EPSS: 0% • CPEs: 13 • EXPL: 0

09 Apr 2025 — A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. When an LLDP telemetry subscription is active, receipt of a specifica... • https://supportportal.juniper.net/JSA96456 • CWE-195: Signed to Unsigned Conversion Error •

CVSS: 7.7 • EPSS: 0% • CPEs: 6 • EXPL: 0

09 Apr 2025 — A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Under a rare timing scenario outside the attacker's control, m... • https://supportportal.juniper.net/JSA96453 • CWE-122: Heap-based Buffer Overflow •

CVSS: 8.7 • EPSS: 0% • CPEs: 7 • EXPL: 0

09 Apr 2025 — An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC)) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition. This issue affects J... • https://supportportal.juniper.net/JSA96452 •