8.7

CVE-2025-60003

A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer.
This issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:

[ protocols bgp ... disable-4byte-as ]


Established BGP sessions can be checked by executing:

show bgp neighbor <IP address> | match "4 byte AS"


This issue affects:

Junos OS: 

  *  all versions before 22.4R3-S8,
  *  23.2 versions before 23.2R2-S5,
  *  23.4 versions before 23.4R2-S6,
  *  24.2 versions before 24.2R2-S2,
  *  24.4 versions before 24.4R2;


Junos OS Evolved: 

  *  all versions before 22.4R3-S8-EVO,
  *  23.2 versions before 23.2R2-S5-EVO,
  *  23.4 versions before 23.4R2-S6-EVO,
  *  24.2 versions before 24.2R2-S2-EVO,
  *  24.4 versions before 24.4R2-EVO.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version < 22.4
JuniperJunos Version22.4 Update-
JuniperJunos Version22.4 Updater1
JuniperJunos Version22.4 Updater1-s1
JuniperJunos Version22.4 Updater1-s2
JuniperJunos Version22.4 Updater2
JuniperJunos Version22.4 Updater2-s1
JuniperJunos Version22.4 Updater2-s2
JuniperJunos Version22.4 Updater3
JuniperJunos Version22.4 Updater3-s1
JuniperJunos Version22.4 Updater3-s2
JuniperJunos Version22.4 Updater3-s3
JuniperJunos Version22.4 Updater3-s4
JuniperJunos Version22.4 Updater3-s5
JuniperJunos Version22.4 Updater3-s6
JuniperJunos Version22.4 Updater3-s7
JuniperJunos Version23.2 Update-
JuniperJunos Version23.2 Updater1
JuniperJunos Version23.2 Updater1-s1
JuniperJunos Version23.2 Updater1-s2
JuniperJunos Version23.2 Updater2
JuniperJunos Version23.2 Updater2-s1
JuniperJunos Version23.2 Updater2-s2
JuniperJunos Version23.2 Updater2-s3
JuniperJunos Version23.2 Updater2-s4
JuniperJunos Version23.4 Update-
JuniperJunos Version23.4 Updater1
JuniperJunos Version23.4 Updater1-s1
JuniperJunos Version23.4 Updater1-s2
JuniperJunos Version23.4 Updater2
JuniperJunos Version23.4 Updater2-s1
JuniperJunos Version23.4 Updater2-s2
JuniperJunos Version23.4 Updater2-s3
JuniperJunos Version23.4 Updater2-s4
JuniperJunos Version23.4 Updater2-s5
JuniperJunos Version24.2 Update-
JuniperJunos Version24.2 Updater1
JuniperJunos Version24.2 Updater1-s1
JuniperJunos Version24.2 Updater1-s2
JuniperJunos Version24.2 Updater2
JuniperJunos Version24.2 Updater2-s1
JuniperJunos Version24.4 Update-
JuniperJunos Version24.4 Updater1
JuniperJunos Version24.4 Updater1-s2
JuniperJunos Version24.4 Updater1-s3
JuniperJunos Os Evolved Version < 22.4
JuniperJunos Os Evolved Version22.4 Update-
JuniperJunos Os Evolved Version22.4 Updater1
JuniperJunos Os Evolved Version22.4 Updater1-s1
JuniperJunos Os Evolved Version22.4 Updater1-s2
JuniperJunos Os Evolved Version22.4 Updater2
JuniperJunos Os Evolved Version22.4 Updater2-s1
JuniperJunos Os Evolved Version22.4 Updater2-s2
JuniperJunos Os Evolved Version22.4 Updater3
JuniperJunos Os Evolved Version22.4 Updater3-s1
JuniperJunos Os Evolved Version22.4 Updater3-s2
JuniperJunos Os Evolved Version22.4 Updater3-s3
JuniperJunos Os Evolved Version22.4 Updater3-s4
JuniperJunos Os Evolved Version22.4 Updater3-s5
JuniperJunos Os Evolved Version22.4 Updater3-s6
JuniperJunos Os Evolved Version22.4 Updater3-s7
JuniperJunos Os Evolved Version23.2 Update-
JuniperJunos Os Evolved Version23.2 Updater1
JuniperJunos Os Evolved Version23.2 Updater1-s1
JuniperJunos Os Evolved Version23.2 Updater1-s2
JuniperJunos Os Evolved Version23.2 Updater2
JuniperJunos Os Evolved Version23.2 Updater2-s1
JuniperJunos Os Evolved Version23.2 Updater2-s2
JuniperJunos Os Evolved Version23.2 Updater2-s3
JuniperJunos Os Evolved Version23.2 Updater2-s4
JuniperJunos Os Evolved Version23.4 Update-
JuniperJunos Os Evolved Version23.4 Updater1
JuniperJunos Os Evolved Version23.4 Updater1-s1
JuniperJunos Os Evolved Version23.4 Updater1-s2
JuniperJunos Os Evolved Version23.4 Updater2
JuniperJunos Os Evolved Version23.4 Updater2-s1
JuniperJunos Os Evolved Version23.4 Updater2-s2
JuniperJunos Os Evolved Version23.4 Updater2-s3
JuniperJunos Os Evolved Version23.4 Updater2-s4
JuniperJunos Os Evolved Version23.4 Updater2-s5
JuniperJunos Os Evolved Version24.2 Update-
JuniperJunos Os Evolved Version24.2 Updater1
JuniperJunos Os Evolved Version24.2 Updater1-s2
JuniperJunos Os Evolved Version24.2 Updater2
JuniperJunos Os Evolved Version24.2 Updater2-s1
JuniperJunos Os Evolved Version24.4 Update-
JuniperJunos Os Evolved Version24.4 Updater1
JuniperJunos Os Evolved Version24.4 Updater1-s2
JuniperJunos Os Evolved Version24.4 Updater1-s3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.05% 0.151
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
CWE-126 Buffer Over-read

The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.