6.5

CVE-2025-30653

Medienbericht
An Expired Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).On all Junos OS and Junos OS Evolved platforms, when an MPLS Label-Switched Path (LSP) is configured with node-link-protection and transport-class, and an LSP flaps, rpd crashes and restarts. Continuous flapping of LSP can cause a sustained Denial of Service (DoS) condition.

This issue affects:

Junos OS:



  *  All versions before 22.2R3-S4,

  *  22.4 versions before 22.4R3-S2,

  *  23.2 versions before 23.2R2,

  *  23.4 versions before 23.4R2.





Junos OS Evolved:



  *  All versions before 22.2R3-S4-EVO,

  *  22.4-EVO versions before 22.4R3-S2-EVO,

  *  23.2-EVO versions before 23.2R2-EVO,

  *  23.4-EVO versions before 23.4R2-EVO.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version < 22.2
JuniperJunos Version22.2 Update-
JuniperJunos Version22.2 Updater1
JuniperJunos Version22.2 Updater1-s1
JuniperJunos Version22.2 Updater1-s2
JuniperJunos Version22.2 Updater2
JuniperJunos Version22.2 Updater2-s1
JuniperJunos Version22.2 Updater2-s2
JuniperJunos Version22.2 Updater3
JuniperJunos Version22.2 Updater3-s1
JuniperJunos Version22.2 Updater3-s2
JuniperJunos Version22.2 Updater3-s3
JuniperJunos Version22.4 Update-
JuniperJunos Version22.4 Updater1
JuniperJunos Version22.4 Updater1-s1
JuniperJunos Version22.4 Updater1-s2
JuniperJunos Version22.4 Updater2
JuniperJunos Version22.4 Updater2-s1
JuniperJunos Version22.4 Updater2-s2
JuniperJunos Version22.4 Updater3
JuniperJunos Version22.4 Updater3-s1
JuniperJunos Version23.2 Update-
JuniperJunos Version23.2 Updater1
JuniperJunos Version23.2 Updater1-s1
JuniperJunos Version23.2 Updater1-s2
JuniperJunos Version23.4 Update-
JuniperJunos Version23.4 Updater1
JuniperJunos Version23.4 Updater1-s1
JuniperJunos Version23.4 Updater1-s2
JuniperJunos Os Evolved Version < 22.2
JuniperJunos Os Evolved Version22.2 Update-
JuniperJunos Os Evolved Version22.2 Updater1
JuniperJunos Os Evolved Version22.2 Updater1-s1
JuniperJunos Os Evolved Version22.2 Updater1-s2
JuniperJunos Os Evolved Version22.2 Updater2
JuniperJunos Os Evolved Version22.2 Updater2-s1
JuniperJunos Os Evolved Version22.2 Updater2-s2
JuniperJunos Os Evolved Version22.2 Updater3
JuniperJunos Os Evolved Version22.2 Updater3-s1
JuniperJunos Os Evolved Version22.2 Updater3-s2
JuniperJunos Os Evolved Version22.2 Updater3-s3
JuniperJunos Os Evolved Version22.4 Update-
JuniperJunos Os Evolved Version22.4 Updater1
JuniperJunos Os Evolved Version22.4 Updater1-s1
JuniperJunos Os Evolved Version22.4 Updater1-s2
JuniperJunos Os Evolved Version22.4 Updater2
JuniperJunos Os Evolved Version22.4 Updater2-s1
JuniperJunos Os Evolved Version22.4 Updater2-s2
JuniperJunos Os Evolved Version22.4 Updater3
JuniperJunos Os Evolved Version22.4 Updater3-s1
JuniperJunos Os Evolved Version23.2 Update-
JuniperJunos Os Evolved Version23.2 Updater1
JuniperJunos Os Evolved Version23.2 Updater1-s1
JuniperJunos Os Evolved Version23.2 Updater1-s2
JuniperJunos Os Evolved Version23.4 Update-
JuniperJunos Os Evolved Version23.4 Updater1
JuniperJunos Os Evolved Version23.4 Updater1-s1
JuniperJunos Os Evolved Version23.4 Updater1-s2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.13% 0.332
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 6 0 0
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
sirt@juniper.net 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-825 Expired Pointer Dereference

The product dereferences a pointer that contains a location for memory that was previously valid, but is no longer valid.