medium
6.8
CWE
754
Advisory Published
Updated

CVE-2025-30655: Junos OS and Junos OS Evolved: A specific CLI command will cause an RPD crash when rib-sharding and update-threading is enabled

First published: Wed Apr 09 2025(Updated: )

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to cause a Denial-of-Service (DoS). When a specific "show bgp neighbor" CLI command is run, the rpd cpu utilization rises and eventually causes a crash and restart. Repeated use of this command will cause a sustained DoS condition.  The device is only affected if BGP RIB sharding and update-threading is enabled. This issue affects Junos OS:  * All versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S6,  * from 22.4 before 22.4R3-S2,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2. and Junos OS Evolved:  * All versions before 21.2R3-S9-EVO,  * from 21.4-EVO before 21.4R3-S8-EVO,  * from 22.2-EVO before 22.2R3-S6-EVO,  * from 22.4-EVO before 22.4R3-S2-EVO,  * from 23.2-EVO before 23.2R2-S3-EVO,  * from 23.4-EVO before 23.4R2-EVO.

Credit: sirt@juniper.net

Affected SoftwareAffected VersionHow to fix
Juniper JUNOS<21.2R3-S9>=undefined>=undefined>=undefined>=undefined>=undefined
Juniper Networks Junos OS<21.2R3-S9-EVO>=undefined>=undefined>=undefined>=undefined>=undefined

Remedy

The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 21.2R3-S9-EVO, 21.4R3-S8-EVO, 22.2R3-S6-EVO, 22.4R3-S2-EVO, 23.2R2-S3-EVO, 23.4R2-EVO, 24.2R1-EVO. Junos OS: 21.2R3-S9, 21.4R3-S8, 22.2R3-S6, 22.4R3-S2, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2025-30655?

    CVE-2025-30655 has a high severity rating as it allows local low-privileged attackers to cause a Denial-of-Service.

  • How do I fix CVE-2025-30655?

    To mitigate CVE-2025-30655, upgrade your Junos OS or Junos OS Evolved to version 21.2R3-S10 or later.

  • Who is affected by CVE-2025-30655?

    CVE-2025-30655 affects users running Junos OS versions up to 21.2R3-S9 and Junos OS Evolved versions up to 21.2R3-S9-EVO.

  • What is the impact of CVE-2025-30655?

    The impact of CVE-2025-30655 is a potential Denial-of-Service condition caused by executing a specific CLI command.

  • Is there a workaround for CVE-2025-30655?

    Currently, there are no workarounds for CVE-2025-30655; the best action is to upgrade to the fixed versions.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203