high
7.1
CWE
195
Advisory Published
Updated

CVE-2025-30646: Junos OS and Junos OS Evolved: Receipt of a malformed LLDP TLV results in l2cpd crash

First published: Wed Apr 09 2025(Updated: )

A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).  Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. When an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart. This issue affects: Junos OS: * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S10,  * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S6,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S4,  * from 24.2 before 24.2R2;  Junos OS Evolved:  * All versions before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S6-EVO,  * from 22.4-EVO before 22.4R3-S6-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-S4-EVO,  * from 24.2-EVO before 24.2R2-EVO.

Credit: sirt@juniper.net

Affected SoftwareAffected VersionHow to fix
Juniper JUNOS<21.2R3-S9>=undefined>=undefined>=undefined>=undefined>=undefined>=undefined
Juniper Networks Junos OS<21.4R3-S10-EVO>=undefined>=undefined>=undefined>=undefined>=undefined

Remedy

The following software releases have been updated to resolve this specific issue:  Junos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases. Junos OS Evolved: 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S6-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2025-30646?

    CVE-2025-30646 has been classified as a high severity vulnerability.

  • How do I fix CVE-2025-30646?

    To mitigate CVE-2025-30646, apply the security patches provided by Juniper for affected versions of Junos OS.

  • Who is affected by CVE-2025-30646?

    CVE-2025-30646 affects Juniper Networks Junos OS versions up to 21.2R3-S9 and Junos OS Evolved versions up to 21.4R3-S10-EVO.

  • What does CVE-2025-30646 exploit?

    CVE-2025-30646 exploits a signed to unsigned conversion error in the Layer 2 Control Protocol daemon.

  • What type of attack can CVE-2025-30646 facilitate?

    CVE-2025-30646 allows an unauthenticated adjacent attacker to disrupt the l2cpd process by sending a specifically malformed LLDP TLV.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203