CVE-2025-21595

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S7 Junos OS versions 21.4 prior to 21.4R3-S4 Junos OS versions 22.2 prior to 22.2R3-S1 Junos OS versions 22.3 prior to 22.3R3-S1 Junos OS versions 22.4 prior to 22.4R2-S2, 22.4R3 Junos OS Evolved versions prior to 21.2R3-S7-EVO Junos OS Evolved versions 21.4-EVO prior to 21.4R3-S4-EVO Junos OS Evolved versions 22.2-EVO prior to 22.2R3-S1-EVO Junos OS Evolved versions 22.3-EVO prior to 22.3R3-S1-EVO Junos OS Evolved versions 22.4-EVO prior to 22.4R3-EVO

Description: A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS). This issue occurs when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, resulting in kernel heap memory leaks, which eventually leads to an FPC crash and restart.

Recommendations: For Junos OS versions prior to 21.2R3-S7, update to version 21.2R3-S7 or later. For Junos OS versions 21.4 prior to 21.4R3-S4, update to version 21.4R3-S4 or later. For Junos OS versions 22.2 prior to 22.2R3-S1, update to version 22.2R3-S1 or later. For Junos OS versions 22.3 prior to 22.3R3-S1, update to version 22.3R3-S1 or later. For Junos OS versions 22.4 prior to 22.4R2-S2, 22.4R3, update to version 22.4R2-S2, 22.4R3 or later. For Junos OS Evolved versions prior to 21.2R3-S7-EVO, update to version 21.2R3-S7-EVO or later. For Junos OS Evolved versions 21.4-EVO prior to 21.4R3-S4-EVO, update to version 21.4R3-S4-EVO or later. For Junos OS Evolved versions 22.2-EVO prior to 22.2R3-S1-EVO, update to version 22.2R3-S1-EVO or later. For Junos OS Evolved versions 22.3-EVO prior to 22.3R3-S1-EVO, update to version 22.3R3-S1-EVO or later. For Junos OS Evolved versions 22.4-EVO prior to 22.4R3-EVO, update to version 22.4R3-EVO or later.