CVE-2025-52980
HIGHJunos OS 22.1-23.4 Unauthenticated DoS via BGP Path Attribute
Title source: llmDescription
A Use of Incorrect Byte Ordering vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart. This issue affects eBGP and iBGP over IPv4 and IPv6. This issue affects: Junos OS: * 22.1 versions from 22.1R1 before 22.2R3-S4, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3-S2, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA100084
Scores
CVSS v3
7.5
EPSS
0.0040
EPSS Percentile
61.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-198
Status
published
Products (5)
juniper/junos
22.1 r1 (10 CPE variants)
juniper/junos
22.3 (10 CPE variants)
juniper/junos
22.4 (9 CPE variants)
juniper/junos
23.2 (4 CPE variants)
juniper/junos
23.4 (4 CPE variants)
Published
Jul 11, 2025
Tracked Since
Feb 18, 2026