CVE-2026-57025

MEDIUM

Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learning' command causes l2ald crash

Title source: cna
STIX 2.1

Description

A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS). On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific 'show l2-learning' command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted. This issue affects EX Series, QFX Series, MX Series: Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2. Junos OS Evolved: * all versions before 23.2R2-S7-EVO, * 23.4 versions before 23.4R2-S8-EVO, * 24.2 versions before 24.2R2-EVO, * 24.4 versions before 24.4R1-S3-EVO.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory
https://supportportal.juniper.net/JSA110085

Scores

CVSS v3 5.5
EPSS 0.0014
EPSS Percentile 3.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-466
Status published
Products (7)
juniper/junos 23.2 (11 CPE variants)
juniper/junos 23.4 (11 CPE variants)
juniper/junos 24.2 (4 CPE variants)
juniper/junos 24.4 (2 CPE variants)
juniper/junos < 23.2
juniper/junos_os_evolved 23.2 (11 CPE variants)
juniper/junos_os_evolved 23.4 (10 CPE variants)
Published Jul 09, 2026
Tracked Since Jul 10, 2026