CVE-2025-52952
MEDIUM
Juniper Junos < 22.2R3-S1 and 22.4-22.4R2 - Unauthenticated Denial of Service via CFM Daemon Malformed Packet
Title source: llm
Description
An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.
This issue affects Juniper Networks Junos OS:
* All versions before 22.2R3-S1,
* from 22.4 before 22.4R2.
This feature is not enabled by default.
References (2)
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA100058
Product technical-description
https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.html
Scores
CVSS v3
6.5
EPSS
0.0013
EPSS Percentile
32.2%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-787
Status
published
Products (3)
juniper/junos
22.2 (8 CPE variants)
juniper/junos
22.4 (4 CPE variants)
juniper/junos
< 22.2
Published
Jul 11, 2025
Tracked Since
Feb 18, 2026