U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database

Vulnerability Change Records for CVE-2025-21600

Change History

CVE Modified by Juniper Networks, Inc. 1/27/2025 5:15:14 PM

Action Type Old Value New Value
Changed Description 
An Out-of-Bounds Read vulnerability in

the routing protocol daemon (rpd) of 

 Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.



This issue only affects systems configured in
      either of two ways:

    
    
        *  systems with BGP traceoptions enabled

        *  systems with BGP family traffic-engineering (BGP-LS)
          configured


 and can be exploited from a directly connected and configured BGP peer. 

This issue affects iBGP and eBGP 

with 

any address family

 configured, and both IPv4 and IPv6 are affected by this vulnerability.

This issue affects:

Junos OS: 



  *  All versions before 21.4R3-S9, 
  *  from 22.2 before 22.2R3-S5, 
  *  from 22.3 before 22.3R3-S4, 
  *  from 22.4 before 22.4R3-S5, 
  *  from 23.2 before 23.2R2-S3, 
  *  from 23.4 before 23.4R2-S3, 
  *  from 24.2 before 24.2R1-S2, 24.2R2; 




Junos OS Evolved: 



  *  All versions before 21.4R3-S9-EVO, 
  *  from 22.2 before 22.2R3-S5-EVO, 
  *  from 22.3 before 22.3R3-S4-EVO, 
  *  from 22.4 before 22.4R3-S5-EVO, 
  *  from 23.2 before 23.2R2-S3-EVO, 
  *  from 23.4 before 23.4R2-S2-EVO, 
  *  from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.



This is a similar, but different vulnerability than the issue reported as CVE-2024-39516.
 
An Out-of-Bounds Read vulnerability in

the routing protocol daemon (rpd) of 

 Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.



This issue only affects systems configured in
      either of two ways:

    
    
        *  systems with BGP traceoptions enabled

        *  systems with BGP family traffic-engineering (BGP-LS)
          configured


 and can be exploited from a directly connected and configured BGP peer. 

This issue affects iBGP and eBGP 

with 

any address family

 configured, and both IPv4 and IPv6 are affected by this vulnerability.

This issue affects:

Junos OS: 



  *  

from 21.4 before 21.4R3-S9, 
  *  from 22.2 before 22.2R3-S5, 
  *  from 22.3 before 22.3R3-S4, 
  *  from 22.4 before 22.4R3-S5, 
  *  from 23.2 before 23.2R2-S3, 
  *  from 23.4 before 23.4R2-S3, 
  *  from 24.2 before 24.2R1-S2, 24.2R2; 




Junos OS Evolved: 



  *  from 21.4-EVO before 21.4R3-S9-EVO, 
  *  from 22.2-EVO before 22.2R3-S5-EVO, 
  *  from 22.3-EVO before 22.3R3-S4-EVO, 
  *  from 22.4-EVO before 22.4R3-S5-EVO, 
  *  from 23.2-EVO before 23.2R2-S3-EVO, 
  *  from 23.4-EVO before 23.4R2-S2-EVO, 
  *  from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.


This issue does not affect versions of Junos OS prior to 21.3R1.


This issue does not affect versions of Junos OS Evolved prior to 21.3R1-EVO.



This is a similar, but different vulnerability than the issue reported as CVE-2024-39516.