CVSS: 7.4EPSS: 0%CPEs: 11EXPL: 0CVE-2025-30648 – Junos OS and Junos OS Evolved: Receipt of a specifically malformed DHCP packet causes jdhcpd process to crash
https://notcve.org/view.php?id=CVE-2025-30648
09 Apr 2025 — An Improper Input Validation vulnerability in the Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). When a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS. The DHCP process will restart automatically to recover the ... • https://supportportal.juniper.net/JSA96458 • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-30647 – Junos OS: MX Series: Subscriber login/logout activity will lead to a memory leak
https://notcve.org/view.php?id=CVE-2025-30647
09 Apr 2025 — A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash. user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interru... • https://supportportal.juniper.net/JSA96457 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.1EPSS: 0%CPEs: 13EXPL: 0CVE-2025-30646 – Junos OS and Junos OS Evolved: Receipt of a malformed LLDP TLV results in l2cpd crash
https://notcve.org/view.php?id=CVE-2025-30646
09 Apr 2025 — A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. When an LLDP telemetry subscription is active, receipt of a specifica... • https://supportportal.juniper.net/JSA96456 • CWE-195: Signed to Unsigned Conversion Error •
CVSS: 8.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-30645 – Junos OS: SRX Series: Transmission of specific control traffic sent out of a DS-Lite tunnel results in flowd crash
https://notcve.org/view.php?id=CVE-2025-30645
09 Apr 2025 — A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition. On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation f... • https://supportportal.juniper.net/JSA96455 • CWE-476: NULL Pointer Dereference •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-30644 – Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled
https://notcve.org/view.php?id=CVE-2025-30644
09 Apr 2025 — A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Under a rare timing scenario outside the attacker's control, m... • https://supportportal.juniper.net/JSA96453 • CWE-122: Heap-based Buffer Overflow •
CVSS: 8.7EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21601 – Junos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is enabled for specific services an attacker may cause a CPU spike by sending genuine packets to the device
https://notcve.org/view.php?id=CVE-2025-21601
09 Apr 2025 — An Improper Following of Specification by Caller vulnerability in web management (J-Web, Captive Portal, 802.1X, Juniper Secure Connect (JSC) of Juniper Networks Junos OS on SRX Series, EX Series, MX240, MX480, MX960, QFX5120 Series, allows an unauthenticated, network-based attacker, sending genuine traffic targeted to the device to cause the CPU to climb until the device becomes unresponsive. Continuous receipt of these packets will create a sustained Denial of Service (DoS) condition. This issue affects J... • https://supportportal.juniper.net/JSA96452 •
CVSS: 8.7EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21594 – Junos OS: MX Series: In DS-lite and NAT scenario receipt of crafted IPv6 traffic causes port block
https://notcve.org/view.php?id=CVE-2025-21594
09 Apr 2025 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the pfe (packet forwarding engine) of Juniper Networks Junos OS on MX Series causes a port within a pool to be blocked leading to Denial of Service (DoS). In a DS-Lite (Dual-Stack Lite) and NAT (Network Address Translation) scenario, when crafted IPv6 traffic is received and prefix-length is set to 56, the ports assigned to the user will not be freed. Eventually, users cannot establish new connections. Affected FPC/PIC need to be manua... • https://supportportal.juniper.net/JSA96449 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21591 – Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash
https://notcve.org/view.php?id=CVE-2025-21591
09 Apr 2025 — A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition. Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * from 23.1R1 before 23.2R2-S3, * from 23.4 ... • https://supportportal.juniper.net/JSA96448 • CWE-805: Buffer Access with Incorrect Length Value •
CVSS: 6.7EPSS: 5%CPEs: 8EXPL: 0CVE-2025-21590 – Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability
https://notcve.org/view.php?id=CVE-2025-21590
12 Mar 2025 — An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. A local attacker with access to the shell is able to inject arbitrary code which can compromise an affected device. This issue is not exploitable from the Junos CLI. This issue affects Junos OS: * All versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 2... • https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-espionage-targets-juniper-routers • CWE-653: Improper Isolation or Compartmentalization •
CVSS: 8.2EPSS: 0%CPEs: 16EXPL: 0CVE-2025-21598 – Junos OS and Junos OS Evolved: When BGP traceoptions are configured, receipt of malformed BGP packets causes RPD to crash
https://notcve.org/view.php?id=CVE-2025-21598
09 Jan 2025 — An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: Junos OS: * from 21.2R3-S8 before 21.2R3-S9, * from 21.4R3-S7 before 21.4R3-S9, * from 22.2R3-S4 before 22.2R3-S5, * from 22.3R3-S2 before 22.3R3-S4, * from 22.4R3 before 22.4R3-S5, * from 23.2R2 before 23.2R2-S2, *... • https://supportportal.juniper.net/JSA92867 • CWE-125: Out-of-bounds Read •