CVE-2025-52953
Junos OS and Junos OS Evolved: An unauthenticated adjacent attacker sending a valid BGP UPDATE packet forces a BGP session reset
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2, * from 24.4 before 24.4R1-S3, 24.4R2 Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4-EVO before 22.4R3-S7-EVO, * from 23.2-EVO before 23.2R2-S4-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO, * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.
An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2, * from 24.4 before 24.4R1-S3, 24.4R2 Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4-EVO before 22.4R3-S7-EVO, * from 23.2-EVO before 23.2R2-S4-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO, * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2025-06-23 CVE Reserved
- 2025-07-11 CVE Published
- 2025-07-11 CVE Updated
- 2025-08-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-440: Expected Behavior Violation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.juniper.net/documentation/us/en/software/junos/bgp/topics/task/routing-protocol-bgp-security-configuring.html | Technical Description |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://supportportal.juniper.net/JSA100059 | 2025-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | < 21.2R3-S9 Search vendor "Juniper Networks" for product "Junos OS" and version " < 21.2R3-S9" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 21.4 < 21.4R3-S11 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 21.4 < 21.4R3-S11" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.2 < 22.2R3-S7 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.2 < 22.2R3-S7" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 22.4 < 22.4R3-S7 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 22.4 < 22.4R3-S7" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 23.2 < 23.2R2-S4 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.2 < 23.2R2-S4" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 23.4 < 23.4R2-S4 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 23.4 < 23.4R2-S4" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 24.2 < 24.2R2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 24.2 < 24.2R2" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 24.4 < 24.4R1-S3 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 24.4 < 24.4R1-S3" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Search vendor "Juniper Networks" for product "Junos OS" | >= 24.4 < 24.4R2 Search vendor "Juniper Networks" for product "Junos OS" and version " >= 24.4 < 24.4R2" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | < 22.2R3-S7-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " < 22.2R3-S7-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 22.4-EVO < 22.4R3-S7-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 22.4-EVO < 22.4R3-S7-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 23.2-EVO < 23.2R2-S4-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.2-EVO < 23.2R2-S4-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 23.4-EVO < 23.4R2-S4-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 23.4-EVO < 23.4R2-S4-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 24.2-EVO < 24.2R2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 24.2-EVO < 24.2R2-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 24.4-EVO < 24.4R1-S3-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 24.4-EVO < 24.4R1-S3-EVO" | en |
Affected
| ||||||
| Juniper Networks Search vendor "Juniper Networks" | Junos OS Evolved Search vendor "Juniper Networks" for product "Junos OS Evolved" | >= 24.4-EVO < 24.4R2-EVO Search vendor "Juniper Networks" for product "Junos OS Evolved" and version " >= 24.4-EVO < 24.4R2-EVO" | en |
Affected
| ||||||