CVSS: 8.7EPSS: %CPEs: 6EXPL: 0CVE-2025-30660 – Junos OS: MX Series: Decapsulation of specific GRE packets leads to PFE reset
https://notcve.org/view.php?id=CVE-2025-30660
09 Apr 2025 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).When processing a high rate of specific GRE traffic destined to the device, the respective PFE will hang causing traffic forwarding to stop. When this issue occurs the following logs can be observed:
CVSS: 8.7EPSS: %CPEs: 6EXPL: 0CVE-2025-30659 – Junos OS: SRX Series: A device configured for vector routing crashes when receiving malformed traffic
https://notcve.org/view.php?id=CVE-2025-30659
09 Apr 2025 — An Improper Handling of Length Parameter Inconsistency vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for Secure Vector Routing (SVR) receives a specifically malformed packet the PFE will crash and restart. This issue affects Junos OS on SRX Series: * All 21.4 versions, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 version... • https://supportportal.juniper.net/JSA96470 • CWE-130: Improper Handling of Length Parameter Inconsistency •
CVSS: 8.7EPSS: %CPEs: 7EXPL: 0CVE-2025-30658 – Junos OS: SRX Series: On devices with Anti-Virus enabled, malicious server responses will cause memory to leak ultimately causing forwarding to stop
https://notcve.org/view.php?id=CVE-2025-30658
09 Apr 2025 — A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops fo... • https://supportportal.juniper.net/JSA96469 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.9EPSS: %CPEs: 6EXPL: 0CVE-2025-30657 – Junos OS: Processing of a specific BGP update causes the SRRD process to crash
https://notcve.org/view.php?id=CVE-2025-30657
09 Apr 2025 — An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it's sent to SRRD it's encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automa... • https://supportportal.juniper.net/JSA96467 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 8.7EPSS: %CPEs: 8EXPL: 0CVE-2025-30656 – Junos OS: MX Series, SRX Series: Processing of specific SIP INVITE messages by the SIP ALG will lead to an FPC crash
https://notcve.org/view.php?id=CVE-2025-30656
09 Apr 2025 — An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, sub... • https://supportportal.juniper.net/JSA96466 • CWE-167: Improper Handling of Additional Special Element •
CVSS: 6.8EPSS: %CPEs: 12EXPL: 0CVE-2025-30655 – Junos OS and Junos OS Evolved: A specific CLI command will cause an RPD crash when rib-sharding and update-threading is enabled
https://notcve.org/view.php?id=CVE-2025-30655
09 Apr 2025 — An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific "show bgp neighbor" CLI command is run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition. The device is only affected if BGP RIB sharding and update-threading is enabled. Th... • https://supportportal.juniper.net/JSA96465 • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.8EPSS: %CPEs: 10EXPL: 0CVE-2025-30654 – Junos OS and Junos OS Evolved: A local, low privileged user can access sensitive information
https://notcve.org/view.php?id=CVE-2025-30654
09 Apr 2025 — An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged, authenticated attacker with access to the CLI to access sensitive information. Through the execution of a specific show mgd command, a user with limited permissions (e.g., a low-privileged login class user) can access sensitive information such as hashed passwords, that can be used to further impact the system. This issue aff... • https://supportportal.juniper.net/JSA96464 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: %CPEs: 8EXPL: 0CVE-2025-30653 – Junos OS and Junos OS Evolved: LSP flap in a specific MPLS scenario leads to rpd crash
https://notcve.org/view.php?id=CVE-2025-30653
09 Apr 2025 — An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: ... • https://supportportal.juniper.net/JSA96463 • CWE-825: Expired Pointer Dereference •
CVSS: 6.8EPSS: %CPEs: 14EXPL: 0CVE-2025-30652 – Junos OS and Junos OS Evolved: Executing a specific CLI command when asregex-optimized is configured causes an rpd crash
https://notcve.org/view.php?id=CVE-2025-30652
09 Apr 2025 — An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS). When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition. This issue affects Junos OS: * All versions before 21.2R3-S9, * fro... • https://supportportal.juniper.net/JSA96462 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.7EPSS: %CPEs: 12EXPL: 0CVE-2025-30651 – Junos OS and Junos OS Evolved: Receipt of a specific ICMPv6 packet causes a memory overrun leading to an rpd crash
https://notcve.org/view.php?id=CVE-2025-30651
09 Apr 2025 — A Buffer Access with Incorrect Length Value vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When an attacker sends a specific ICMPv6 packet to an interface with "protocols router-advertisement" configured, rpd crashes and restarts. Continued receipt of this packet will cause a sustained DoS condition. This issue only affects systems configured with IPv6. This issue affec... • https://supportportal.juniper.net/JSA96461 • CWE-805: Buffer Access with Incorrect Length Value •