The vulnerability originates in the packet forwarding engine of Juniper Networks Junos OS and is triggered when specific control protocol packets—VSTP Bridge Protocol Data Units (BPDUs)—are received on a UNI interface in a VXLAN configuration. Processing these BPDUs causes packet buffer allocation failures that lead to memory leaks and ultimately prevent the device from forwarding traffic. Because the flaw is an improper check for unusual or exceptional conditions, an attacker with no authentication who is in the local network segment can induce a full denial of service by simply sending the offending packets. The attacker gains no other privileges; the impact is limited to interrupting connectivity for all traffic passing through the affected device. The flaw is present in older releases of Junos OS that run on EX4k and QFX5k service‑provider edge devices. Versions prior to 24.4R2 in the 24.4 release line and prior to 25.2R1‑S1 or 25.2R2 in the 25.2 line are vulnerable. Devices running Junos OS releases before 24.4R1 are not affected. Risk assessment indicates a medium‑high severity with a CVSS score of 7.1. Exploit probability data is not provisioned, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. The likely attack vector is an unauthenticated network adversary adjacent to the device, sending crafted VSTP BPDUs over the UNI interface. The attack requires no special access privileges beyond network proximity, making the threat potentially realistic in shared or multi‑tenant environments.

Juniper Networks Junos OS running on EX and QFX Series devices, specifically EX4k and QFX5k platforms configured as service‑provider edge devices with Layer‑2 Protocol Tunneling enabled on the UNI and VSTP enabled on the NNI in VXLAN scenarios. Vulnerable releases include 24.4 versions earlier than 24.4R2 and 25.2 versions earlier than 25.2R1‑S1 or 25.2R2; earlier releases before 24.4R1 are not affected.

The vulnerability carries a CVSS score of 7.1, signifying a considerable impact on availability. Since EPSS data is not available, the exact exploitation likelihood remains uncertain, but the lack of authentication requirements and the requirement only for proximity to the target machine heighten the real‑world risk. The vulnerability is not yet catalogued as a known exploited vulnerability by CISA, which may indicate limited public exploitation but does not rule out the possibility that attackers have discovered or are experimenting with the flaw. The attack path is straightforward: an adjacent attacker sends VSTP BPDUs to the UNI interface, which the device processes and then fails to forward traffic, causing a denial of service until the device is restarted.