CVE-2025-21596

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 21.4R3-S9 Junos OS versions 22.2 through 22.2R3-S5 Junos OS versions 22.3 through 22.3R3-S4 Junos OS versions 22.4 through 22.4R3-S4 Junos OS versions 23.2 through 23.2R2-S3 Junos OS versions 23.4 through 23.4R2-S1

Description The issue is related to improper handling of exceptional conditions in command-line processing, which can be exploited by a local, low-privileged authenticated attacker to cause a denial of service (DoS) by executing the show chassis environment pem command. This can lead to the chassis daemon (chassisd) crashing and restarting, and repeated execution of the command can cause the chassisd process to fail to restart, impacting packet processing on the system.

Recommendations For versions prior to 21.4R3-S9, update to version 21.4R3-S9 or later. For versions 22.2 through 22.2R3-S5, update to version 22.2R3-S5 or later. For versions 22.3 through 22.3R3-S4, update to version 22.3R3-S4 or later. For versions 22.4 through 22.4R3-S4, update to version 22.4R3-S4 or later. For versions 23.2 through 23.2R2-S3, update to version 23.2R2-S3 or later. For versions 23.4 through 23.4R2-S1, update to version 23.4R2-S1 or later. As a temporary workaround, consider restricting access to the show chassis environment pem command to minimize the risk of exploitation.