Juniper Networks has released advisories detailing two significant vulnerabilities affecting their Junos OS and Junos OS Evolved systems. Both issues highlight risks for network administrators and underscore the importance of timely patch management.
The first vulnerability (CVE-2025-21598) is an Out-of-Bounds Read issue in the routing protocol daemon (RPD) of Junos OS and Junos OS Evolved. This flaw allows an unauthenticated attacker to send malformed BGP packets, causing the RPD process to crash. According to Juniper, “This issue can propagate and multiply through multiple ASes until reaching vulnerable devices,” amplifying the potential impact across interconnected networks.
Devices with BGP trace options enabled are susceptible. Vulnerable versions include Junos OS releases from 21.2R3-S8 to 24.2R1, and similar iterations of Junos OS Evolved. An indicator of compromise is the presence of log messages such as:
Administrators are advised to disable BGP trace options or upgrade to patched versions such as Junos OS 24.2R2 and Junos OS Evolved 24.2R2-EVO.
The second vulnerability (CVE-2025-21599) affects the Juniper Tunnel Driver (jtd) in Junos OS Evolved. It involves a Missing Release of Memory after Effective Lifetime, where specifically crafted IPv6 packets cause kernel memory exhaustion, resulting in a crash and denial of service (DoS). “Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition,” the advisory warns.
This vulnerability only affects systems configured with IPv6 running Junos OS Evolved versions from 22.4R1-EVO to 24.2R1-EVO. Earlier versions remain unaffected.
Both vulnerabilities have been assigned a CVSSv3 score of 7.5, making them “high” severity.
Juniper Networks has released patches to address both vulnerabilities. It is important to note that both of these vulnerabilities can be exploited by unauthenticated attackers, making them particularly dangerous. Organizations that use Junos OS or Junos OS Evolved are strongly encouraged to patch their systems immediately.
Related Posts:
- Juniper Junos OS Evolved Vulnerabilities Enable Root-Level Compromise
- CVE-2024-21591: Critical Pre-RCE Flaw Threatens Junos OS SRX and EX Series
