CVE-2025-21600: Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash
First published: Thu Jan 09 2025(Updated: )
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems configured in either of two ways: * systems with BGP traceoptions enabled * systems with BGP family traffic-engineering (BGP-LS) configured and can be exploited from a directly connected and configured BGP peer. This issue affects iBGP and eBGP with any address family configured, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS: * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S2, 24.2R2; Junos OS Evolved: * from 21.4-EVO before 21.4R3-S9-EVO, * from 22.2-EVO before 22.2R3-S5-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S5-EVO, * from 23.2-EVO before 23.2R2-S3-EVO, * from 23.4-EVO before 23.4R2-S2-EVO, * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect versions of Junos OS prior to 21.3R1. This issue does not affect versions of Junos OS Evolved prior to 21.3R1-EVO. This is a similar, but different vulnerability than the issue reported as CVE-2024-39516.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper Junos | >=21.4<21.4R3-S9>=22.2<22.2R3-S5>=22.3<22.3R3-S4>=22.4<22.4R3-S5>=23.2<23.2R2-S3>=23.4<23.4R2-S3>=24.2<24.2R1-S2 | |
| Juniper Networks Junos OS | >=21.4-EVO<21.4R3-S9-EVO>=22.2-EVO<22.2R3-S5-EVO>=22.3-EVO<22.3R3-S4-EVO>=22.4-EVO<22.4R3-S5-EVO>=23.2-EVO<23.2R2-S3-EVO>=23.4-EVO<23.4R2-S2-EVO>=24.2-EVO<24.2R1-S2-EVO |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases. Junos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-21600?
CVE-2025-21600 has a high severity rating due to its potential to cause crashes and unavailability of the routing protocol daemon.
How does CVE-2025-21600 affect Junos OS and Junos OS Evolved?
CVE-2025-21600 allows an unauthenticated BGP peer to send a malformed packet causing a denial of service by crashing the routing protocol daemon.
How do I fix CVE-2025-21600?
To fix CVE-2025-21600, apply the recommended software patches provided by Juniper Networks for the affected versions of Junos OS and Junos OS Evolved.
Who is affected by CVE-2025-21600?
Organizations using affected versions of Juniper Networks Junos OS and Junos OS Evolved are vulnerable to CVE-2025-21600.
What types of systems are impacted by CVE-2025-21600?
CVE-2025-21600 impacts systems running certain versions of Juniper Networks Junos OS and Junos OS Evolved, particularly those involving BGP peer configurations.
- agent/references
- agent/weakness
- agent/title
- agent/type
- agent/first-publish-date
- agent/remedy
- agent/author
- agent/severity
- agent/event
- agent/source
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/description
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/juniper networks
- canonical/juniper junos
- canonical/juniper networks junos os