CVE-2025-21600 - Vulnerability Details

Link	Providers
https://supportportal.juniper.net/JSA92870

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
Description		An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems configured in either of two ways: * systems with BGP traceoptions enabled * systems with BGP family traffic-engineering (BGP-LS) configured and can be exploited from a directly connected and configured BGP peer. This issue affects iBGP and eBGP with any address family configured, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S2, 24.2R2; Junos OS Evolved: * All versions before 21.4R3-S9-EVO, * from 22.2 before 22.2R3-S5-EVO, * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S2-EVO, * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO. This is a similar, but different vulnerability than the issue reported as CVE-2024-39516.
Title		Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash
Weaknesses		CWE-125
References		https://supportportal.juniper.net/JSA92870
Metrics		cvssV3_1 `{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:A/V:C/RE:M/U:Green'}`

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-21600", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-12-26T14:47:11.669Z", "datePublished": "2025-01-09T16:49:42.367Z", "dateUpdated": "2025-01-09T19:21:59.704Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R3-S9", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.2R3-S5", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S4", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3-S5", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2-S3", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2-S3", "status": "affected", "version": "23.4", "versionType": "semver"}, {"lessThan": "24.2R1-S2, 24.2R2", "status": "affected", "version": "24.2", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R3-S9-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.2R3-S5-EVO", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3-S4-EVO", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R3-S5-EVO", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2-S3-EVO", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2-S2-EVO", "status": "affected", "version": "23.4", "versionType": "semver"}, {"lessThan": "24.2R1-S2-EVO, 24.2R2-EVO", "status": "affected", "version": "24.2", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "One of the following traceoptions configurations, either at the top level, under [logical-systems], or [routing-instances], is required to be potentially exposed to this issue: <tt>[protocols bgp traceoptions packets detail] [protocols bgp traceoptions update detail] </tt><tt>[protocols bgp group <group-name> traceoptions packets detail] </tt><tt>[protocols bgp group <group-name> traceoptions update detail] <tt>[protocols bgp group <group-name> neighbor <address> traceoptions packets detail]</tt> [protocols bgp group <group-name> neighbor <address> traceoptions update detail]</tt> \n\nSystems configured with BGP traffic engineering are also vulnerable to this issue: <tt>[protocols bgp group <name> family traffic-engineering unicast]</tt>"}], "value": "One of the following traceoptions configurations, either at the top level, under [logical-systems], or [routing-instances], is required to be potentially exposed to this issue:\n\n[protocols bgp traceoptions packets detail]\n[protocols bgp traceoptions update detail]\n[protocols bgp group <group-name> traceoptions packets detail]\n[protocols bgp group <group-name> traceoptions update detail]\n[protocols bgp group <group-name> neighbor <address> traceoptions packets detail]\n[protocols bgp group <group-name> neighbor <address> traceoptions update detail]\n\n\n\nSystems configured with BGP traffic engineering are also vulnerable to this issue:\n\n[protocols bgp group <name> family traffic-engineering unicast]"}], "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank Craig Dods from Meta\u2019s Infrastructure Security Engineering team for responsibly reporting this vulnerability."}], "datePublic": "2025-01-08T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. \n\nThis issue only affects systems configured in\n either of two ways: \n \n <ol>\n <li>systems with BGP traceoptions enabled</li>\n <li>systems with BGP family traffic-engineering (BGP-LS)\n configured</li></ol>\n\n and can be exploited from a directly connected and configured BGP peer.  This issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects:Junos OS: <ul><li>All versions before 21.4R3-S9, </li><li>from 22.2 before 22.2R3-S5, </li><li>from 22.3 before 22.3R3-S4, </li><li>from 22.4 before 22.4R3-S5, </li><li>from 23.2 before 23.2R2-S3, </li><li>from 23.4 before 23.4R2-S3, </li><li>from 24.2 before 24.2R1-S2, 24.2R2; </li></ul>Junos OS Evolved: <ul><li>All versions before 21.4R3-S9-EVO, </li><li>from 22.2 before 22.2R3-S5-EVO, </li><li>from 22.3 before 22.3R3-S4-EVO, </li><li>from 22.4 before 22.4R3-S5-EVO, </li><li>from 23.2 before 23.2R2-S3-EVO, </li><li>from 23.4 before 23.4R2-S2-EVO, </li><li>from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.</li></ul> This is a similar, but different vulnerability than the issue reported as CVE-2024-39516."}], "value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems configured in\n either of two ways:\n\n \n \n * systems with BGP traceoptions enabled\n\n * systems with BGP family traffic-engineering (BGP-LS)\n configured\n\n\n and can be exploited from a directly connected and configured BGP peer.\u00a0\n\nThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S9-EVO,\u00a0\n * from 22.2 before 22.2R3-S5-EVO,\u00a0\n * from 22.3 before 22.3R3-S4-EVO,\u00a0\n * from 22.4 before 22.4R3-S5-EVO,\u00a0\n * from 23.2 before 23.2R2-S3-EVO,\u00a0\n * from 23.4 before 23.4R2-S2-EVO,\u00a0\n * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\n\nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:A/V:C/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2025-01-09T16:49:42.367Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA92870"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases. Junos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases. "}], "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA92870", "defect": ["1823612"], "discovery": "EXTERNAL"}, "title": "Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "If BGP traceoptions are enabled, and traffic engineering is not configured, disable BGP traceoptions if they are not being used for active troubleshooting."}], "value": "If BGP traceoptions are enabled, and traffic engineering is not configured, disable BGP traceoptions if they are not being used for active troubleshooting."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-09T19:17:42.343288Z", "id": "CVE-2025-21600", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-09T19:21:59.704Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-21600", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-09T19:17:42.343288Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-09T19:20:19.984Z"}}], "cna": {"title": "Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed BGP update causes RPD crash", "source": {"defect": ["1823612"], "advisory": "JSA92870", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Juniper SIRT would like to acknowledge and thank Craig Dods from Meta\u2019s Infrastructure Security Engineering team for responsibly reporting this vulnerability."}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 7.1, "Automatable": "NO", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:N/R:A/V:C/RE:M/U:Green", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "21.4R3-S9", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S5", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3-S5", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2-S3", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4R2-S3", "versionType": "semver"}, {"status": "affected", "version": "24.2", "lessThan": "24.2R1-S2, 24.2R2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "0", "lessThan": "21.4R3-S9-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S5-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3-S5-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2-S3-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4R2-S2-EVO", "versionType": "semver"}, {"status": "affected", "version": "24.2", "lessThan": "24.2R1-S2-EVO, 24.2R2-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases.\nJunos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS: 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases. Junos OS Evolved: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases. ", "base64": false}]}], "datePublic": "2025-01-08T17:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA92870", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "If BGP traceoptions are enabled, and traffic engineering is not configured, disable BGP traceoptions if they are not being used for active troubleshooting.", "supportingMedia": [{"type": "text/html", "value": "If BGP traceoptions are enabled, and traffic engineering is not configured, disable BGP traceoptions if they are not being used for active troubleshooting.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems configured in\n either of two ways:\n\n \n \n * systems with BGP traceoptions enabled\n\n * systems with BGP family traffic-engineering (BGP-LS)\n configured\n\n\n and can be exploited from a directly connected and configured BGP peer.\u00a0\n\nThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S9-EVO,\u00a0\n * from 22.2 before 22.2R3-S5-EVO,\u00a0\n * from 22.3 before 22.3R3-S4-EVO,\u00a0\n * from 22.4 before 22.4R3-S5-EVO,\u00a0\n * from 23.2 before 23.2R2-S3-EVO,\u00a0\n * from 23.4 before 23.4R2-S2-EVO,\u00a0\n * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\n\nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516.", "supportingMedia": [{"type": "text/html", "value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. \n\nThis issue only affects systems configured in\n either of two ways: \n \n <ol>\n <li>systems with BGP traceoptions enabled</li>\n <li>systems with BGP family traffic-engineering (BGP-LS)\n configured</li></ol>\n\n and can be exploited from a directly connected and configured BGP peer.  This issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects:Junos OS: <ul><li>All versions before 21.4R3-S9, </li><li>from 22.2 before 22.2R3-S5, </li><li>from 22.3 before 22.3R3-S4, </li><li>from 22.4 before 22.4R3-S5, </li><li>from 23.2 before 23.2R2-S3, </li><li>from 23.4 before 23.4R2-S3, </li><li>from 24.2 before 24.2R1-S2, 24.2R2; </li></ul>Junos OS Evolved: <ul><li>All versions before 21.4R3-S9-EVO, </li><li>from 22.2 before 22.2R3-S5-EVO, </li><li>from 22.3 before 22.3R3-S4-EVO, </li><li>from 22.4 before 22.4R3-S5-EVO, </li><li>from 23.2 before 23.2R2-S3-EVO, </li><li>from 23.4 before 23.4R2-S2-EVO, </li><li>from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.</li></ul> This is a similar, but different vulnerability than the issue reported as CVE-2024-39516.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read"}]}], "configurations": [{"lang": "en", "value": "One of the following traceoptions configurations, either at the top level, under [logical-systems], or [routing-instances], is required to be potentially exposed to this issue:\n\n[protocols bgp traceoptions packets detail]\n[protocols bgp traceoptions update detail]\n[protocols bgp group <group-name> traceoptions packets detail]\n[protocols bgp group <group-name> traceoptions update detail]\n[protocols bgp group <group-name> neighbor <address> traceoptions packets detail]\n[protocols bgp group <group-name> neighbor <address> traceoptions update detail]\n\n\n\nSystems configured with BGP traffic engineering are also vulnerable to this issue:\n\n[protocols bgp group <name> family traffic-engineering unicast]", "supportingMedia": [{"type": "text/html", "value": "One of the following traceoptions configurations, either at the top level, under [logical-systems], or [routing-instances], is required to be potentially exposed to this issue: <tt>[protocols bgp traceoptions packets detail] [protocols bgp traceoptions update detail] </tt><tt>[protocols bgp group <group-name> traceoptions packets detail] </tt><tt>[protocols bgp group <group-name> traceoptions update detail] <tt>[protocols bgp group <group-name> neighbor <address> traceoptions packets detail]</tt> [protocols bgp group <group-name> neighbor <address> traceoptions update detail]</tt> \n\nSystems configured with BGP traffic engineering are also vulnerable to this issue: <tt>[protocols bgp group <name> family traffic-engineering unicast]</tt>", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2025-01-09T16:49:42.367Z"}}}, "cveMetadata": {"cveId": "CVE-2025-21600", "state": "PUBLISHED", "dateUpdated": "2025-01-09T19:21:59.704Z", "dateReserved": "2024-12-26T14:47:11.669Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2025-01-09T16:49:42.367Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems configured in\n either of two ways:\n\n \n \n * systems with BGP traceoptions enabled\n\n * systems with BGP family traffic-engineering (BGP-LS)\n configured\n\n\n and can be exploited from a directly connected and configured BGP peer.\u00a0\n\nThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S9-EVO,\u00a0\n * from 22.2 before 22.2R3-S5-EVO,\u00a0\n * from 22.3 before 22.3R3-S4-EVO,\u00a0\n * from 22.4 before 22.4R3-S5-EVO,\u00a0\n * from 23.2 before 23.2R2-S3-EVO,\u00a0\n * from 23.4 before 23.4R2-S2-EVO,\u00a0\n * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\n\nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516."}], "id": "CVE-2025-21600", "lastModified": "2025-01-09T17:15:18.960", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "automatable": "NO", "availabilityRequirements": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "recovery": "AUTOMATIC", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Green", "version": "4.0", "vulnerabilityResponseEffort": "MODERATE", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2025-01-09T17:15:18.960", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA92870"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "sirt@juniper.net", "type": "Primary"}]}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object