CVE-2025-60004

Medienbericht

EPSS 0.06%
Veröffentlicht 09.10.2025 16:18:27
Zuletzt bearbeitet 14.10.2025 19:37:28
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS).

When an affected system receives a specific BGP EVPN update message over an established BGP session, this causes an rpd crash and restart.

A BGP EVPN configuration is not necessary to be vulnerable. If peers are not configured to send BGP EVPN updates to a vulnerable device, then this issue can't occur.

This issue affects iBGP and eBGP, over IPv4 and IPv6.


This issue affects:
Junos OS:
  *  23.4 versions from 

23.4R2-S3 before 23.4R2-S5,
  *  24.2 versions from 

24.2R2 

before 24.2R2-S1,
  *  24.4 versions before 24.4R1-S3, 24.4R2;



Junos OS Evolved:
  *  23.4-EVO versions from 23.4R2-S2-EVO before 23.4R2-S5-EVO,
  *  24.2-EVO versions from 24.2R2-EVO before 24.2R2-S1-EVO,
  *  24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

HerstellerJuniper Networks

≫

Produkt Junos OS

Default Statusunaffected

Version < 23.4R2-S5

Version 23.4R2-S3

Status affected

Version < 24.2R2-S1

Version 24.2R2

Status affected

Version < 24.4R1-S3, 24.4R2

Version 24.4R1

Status affected

HerstellerJuniper Networks

≫

Produkt Junos OS Evolved

Default Statusunaffected

Version < 23.4R2-S5-EVO

Version 23.4R2-S2-EVO

Status affected

Version < 24.2R2-S1-EVO

Version 24.2R2-EVO

Status affected

Version < 24.4R1-S3-EVO, 24.4R2-EVO

Version 24.4R1-EVO

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.178

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://www.heise.de/news/Juniper-Security-Director-Angreifer-koennen-Sicherheitsmechanismus-umgehen-10750030.html

Medienbericht

heise Security

https://supportportal.juniper.net/JSA103165

https://nvd.nist.gov/vuln/detail/CVE-2025-60004

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-60004

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-60004

EUVD