CVE-2025-52961

Medienbericht

EPSS 0.02%
Veröffentlicht 09.10.2025 15:40:52
Zuletzt bearbeitet 14.10.2025 19:37:28
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman's memory to leak, eventually to cause the FPC crash and restart.

Continued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition.

An indicator of compromise is to watch for an increase in cfmman memory rising over time by issuing the following command and evaluating the RSS number. If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.
 
  user@device> show system processes node fpc<num> detail | match cfmman

Example: 

  show system processes node fpc0 detail | match cfmman 
  F S UID        PID       PPID  PGID   SID   C PRI  NI  ADDR SZ    WCHAN    RSS     PSR STIME TTY          TIME     CMD
  4 S root      15204     1    15204  15204  0  80  0   - 90802     -      113652   4  Sep25 ?           00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml
This issue affects Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:

  *  from 23.2R1-EVO before 23.2R2-S4-EVO, 
  *  from 23.4 before 23.4R2-S4-EVO, 
  *  from 24.2 before 24.2R2-EVO, 
  *  from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.


This issue does not affect Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  before 23.2R1-EVO.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerJuniper Networks

≫

Produkt Junos OS Evolved

Default Statusunaffected

Version < 23.2R2-S4-EVO

Version 23.2R1-EVO

Status affected

Version < 23.4R2-S4-EVO

Version 23.4-EVO

Status affected

Version < 24.2R2-EVO

Version 24.2-EVO

Status affected

Version < 24.4R1-S2-EVO, 24.4R2-EVO

Version 24.4-EVO

Status affected

Version < 23.2R1-EVO

Version 0

Status unaffected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.028

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	6.5	2.8	3.6	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net	7.1	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://www.heise.de/news/Juniper-Security-Director-Angreifer-koennen-Sicherheitsmechanismus-umgehen-10750030.html

Medienbericht

heise Security

https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.html

https://supportportal.juniper.net/JSA103144

https://nvd.nist.gov/vuln/detail/CVE-2025-52961

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-52961

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-52961

EUVD