U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

CVE-2025-21598 Detail

Description

An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: Junos OS:  * from 21.2R3-S8 before 21.2R3-S9,  * from 21.4R3-S7 before 21.4R3-S9,  * from 22.2R3-S4 before 22.2R3-S5,  * from 22.3R3-S2 before 22.3R3-S4,  * from 22.4R3 before 22.4R3-S5,  * from 23.2R2 before 23.2R2-S2,  * from 23.4R1 before 23.4R2-S1,  * from 24.2R1 before 24.2R1-S1, 24.2R2. Junos OS Evolved: * from 21.4R3-S7-EVO before 21.4R3-S9-EVO,  * from 22.2R3-S4-EVO before 22.2R3-S5-EVO,  * from 22.3R3-S2-EVO before 22.3R3-S4-EVO,  * from 22.4R3-EVO before 22.4R3-S5-EVO,  * from 23.2R2-EVO before 23.2R2-S2-EVO,  * from 23.4R1-EVO before 23.4R2-S1-EVO,  * from 24.2R1-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue requires a BGP session to be established. This issue can propagate and multiply through multiple ASes until reaching vulnerable devices. This issue affects iBGP and eBGP. This issue affects IPv4 and IPv6. An indicator of compromise may be the presence of malformed update messages in a neighboring AS which is unaffected by this issue: For example, by issuing the command on the neighboring device:  show log messages Reviewing for similar messages from devices within proximity to each other may indicate this malformed packet is propagating:   rpd[<pid>]: Received malformed update from <IP address> (External AS <AS#>) and   rpd[<pid>]: Malformed Attribute


Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.
CVSS 4.0 Severity and Vector Strings:

NIST CVSS score
NIST: NVD
N/A
NVD assessment not yet provided.

Nist CVSS score does not match with CNA score
CNA:  Juniper Networks, Inc.
CVSS-B 8.2 HIGH
Vector:  CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
https://supportportal.juniper.net/JSA92867
https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html

Weakness Enumeration

CWE-ID CWE Name Source
CWE-125 Out-of-bounds Read Juniper Networks, Inc.  

Change History

1 change records found show changes

Quick Info

CVE Dictionary Entry:
CVE-2025-21598
NVD Published Date:
01/09/2025
NVD Last Modified:
01/09/2025
Source:
Juniper Networks, Inc.