We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-21593

Junos OS and Junos OS Evolved: On SRv6 enabled devices, an attacker sending a malformed BGP update can cause the rpd to crash



Description

An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition.  This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects Junos OS:  * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S5,  * from 22.3 before 22.3R3-S4,  * from 22.4 before 22.4R3-S3,  * from 23.2 before 23.2R2-S2,  * from 23.4 before 23.4R2; and Junos OS Evolved:  * All versions before 21.2R3-S9-EVO,  * from 21.4-EVO before 21.4R3-S10-EVO,  * from 22.2-EVO before 22.2R3-S5-EVO,  * from 22.3-EVO before 22.3R3-S4-EVO,  * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S2-EVO,  * from 23.4-EVO before 23.4R2-EVO.

Reserved 2024-12-26 | Published 2025-01-09 | Updated 2025-01-09 | Assigner juniper


MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/R:A

Problem types

CWE-664 Improper Control of a Resource Through its Lifetime

Product status

Default status
unaffected

Any version before 21.2R3-S9
affected

21.4 before 21.4R3-S10
affected

22.2 before 22.2R3-S5
affected

22.3 before 22.3R3-S4
affected

22.4 before 22.4R3-S3
affected

23.2 before 23.2R2-S2
affected

23.4 before 23.4R2
affected

Default status
unaffected

Any version before 21.2R3-S9-EVO
affected

21.4-EVO before 21.4R3-S10-EVO
affected

22.2-EVO before 22.2R3-S5-EVO
affected

22.3-EVO before 22.3R3-S4-EVO
affected

22.4-EVO before 22.4R3-S3-EVO
affected

23.2-EVO before 23.2R2-S2-EVO
affected

23.4-EVO before 23.4R2-EVO
affected

References

supportportal.juniper.net/JSA92861 vendor-advisory

cve.org (CVE-2025-21593)

nvd.nist.gov (CVE-2025-21593)

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2025-21593

Support options

Helpdesk Chat, Email, Knowledgebase
Subscribe to our newsletter to learn more about our work.