CVE-2025-60004

Medienbericht

EPSS 0.06%
Veröffentlicht 09.10.2025 16:18:27
Zuletzt bearbeitet 23.01.2026 19:38:03
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS).

When an affected system receives a specific BGP EVPN update message over an established BGP session, this causes an rpd crash and restart.

A BGP EVPN configuration is not necessary to be vulnerable. If peers are not configured to send BGP EVPN updates to a vulnerable device, then this issue can't occur.

This issue affects iBGP and eBGP, over IPv4 and IPv6.


This issue affects:
Junos OS:
  *  23.4 versions from 

23.4R2-S3 before 23.4R2-S5,
  *  24.2 versions from 

24.2R2 

before 24.2R2-S1,
  *  24.4 versions before 24.4R1-S3, 24.4R2;



Junos OS Evolved:
  *  23.4-EVO versions from 23.4R2-S2-EVO before 23.4R2-S5-EVO,
  *  24.2-EVO versions from 24.2R2-EVO before 24.2R2-S1-EVO,
  *  24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Version23.4 Updater2-s3

Juniper ≫ Junos Version23.4 Updater2-s4

Juniper ≫ Junos Version24.2 Updater2

Juniper ≫ Junos Version24.4 Update-

Juniper ≫ Junos Version24.4 Updater1

Juniper ≫ Junos Version24.4 Updater1-s2

Juniper ≫ Junos Version24.4 Updater2

Juniper ≫ Junos Os Evolved Version23.4 Updater2-s2

Juniper ≫ Junos Os Evolved Version23.4 Updater2-s3

Juniper ≫ Junos Os Evolved Version23.4 Updater2-s4

Juniper ≫ Junos Os Evolved Version24.2 Updater2

Juniper ≫ Junos Os Evolved Version24.4 Update-

Juniper ≫ Junos Os Evolved Version24.4 Updater1

Juniper ≫ Junos Os Evolved Version24.4 Updater1-s2

Juniper ≫ Junos Os Evolved Version24.4 Updater2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.199

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	8.7	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X
sirt@juniper.net	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://www.heise.de/news/Juniper-Security-Director-Angreifer-koennen-Sicherheitsmechanismus-umgehen-10750030.html

Medienbericht

heise Security

10.10.2025 13:57

https://supportportal.juniper.net/JSA103165

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-60004

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-60004

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-60004

EUVD