PT-2025-15853 · Juniper Networks · Junos
Published: 2025-04-09 · Updated: 2025-04-11 · CVE-2025-30645
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green
Name of the Vulnerable Software and Affected Versions:
Junos OS versions prior to 21.2R3-S9
Junos OS versions from 21.4 before 21.4R3-S9
Junos OS versions from 22.2 before 22.2R3-S5
Junos OS versions from 22.4 before 22.4R3-S6
Junos OS versions from 23.2 before 23.2R2-S3
Junos OS versions from 23.4 before 23.4R2
Description:
A NULL Pointer Dereference issue in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker to cause a Denial of Service (DoS) by sending specific, valid control traffic out of a Dual-Stack (DS) Lite tunnel. When this control traffic needs to be sent out of the DS-Lite tunnel, a segmentation fault occurs within the flowd process; the resulting crash causes a network outage until the flowd process restarts. Continuous triggering of this traffic will create a sustained DoS condition.
Recommendations:
For versions prior to 21.2R3-S9, update to 21.2R3-S9 or later.
For versions from 21.4 before 21.4R3-S9, update to 21.4R3-S9 or later.
For versions from 22.2 before 22.2R3-S5, update to 22.2R3-S5 or later.
For versions from 22.4 before 22.4R3-S6, update to 22.4R3-S6 or later.
For versions from 23.2 before 23.2R2-S3, update to 23.2R2-S3 or later.
For versions from 23.4 before 23.4R2, update to 23.4R2 or later.
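To triage an SRX inventory against the fixed releases listed above, the following added example (not part of the advisory or of any Juniper tooling) classifies Junos OS version strings. The version-string pattern, the hostnames and the sample versions are assumptions; the script compares versions only and does not check whether a device is an SRX or uses DS-Lite.

```python
import re

# Fixed releases copied from the advisory's list: (year, minor) -> (R number, S number).
FIXED = {
    (21, 2): (3, 9),
    (21, 4): (3, 9),
    (22, 2): (3, 5),
    (22, 4): (3, 6),
    (23, 2): (2, 3),
    (23, 4): (2, 0),
}
OLDEST_TRAIN = min(FIXED)  # everything before 21.2R3-S9 is listed as affected

# Assumed version shape: YY.N R n [-S n [.respin]], e.g. 22.4R3-S5.2
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def classify(version: str) -> str:
    """Return 'affected', 'fixed', 'not-listed' or 'unparseable'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparseable"  # strings outside the assumed pattern need manual review
    year, minor, rel = int(m[1]), int(m[2]), int(m[3])
    service = int(m[4] or 0)  # no -S suffix means service release 0
    train = (year, minor)
    if train < OLDEST_TRAIN:
        return "affected"  # "versions prior to 21.2R3-S9"
    if train not in FIXED:
        return "not-listed"  # the advisory does not mention this train
    return "fixed" if (rel, service) >= FIXED[train] else "affected"


def triage(inventory: dict) -> dict:
    """Map hostname -> classification for a {hostname: version} inventory."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (hypothetical hostnames and versions).
SAMPLE = {
    "srx-edge-01": "21.4R3-S8",
    "srx-edge-02": "22.4R3-S6.1",
    "srx-core-01": "23.4R1-S2",
    "srx-lab-01": "22.3R3",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:14} {status}")
```

Hosts reported as `not-listed` or `unparseable` run a release the list above does not cover and need to be checked against the vendor's bulletin by hand.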
Fix
DoS
NULL Pointer Dereference
Affected Products: Junos