CVE-2025-30647

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S9 Junos OS versions 21.4 through 21.4R3-S10 Junos OS versions 22.2 through 22.2R3-S6 Junos OS versions 22.4 through 22.4R3-S5 Junos OS versions 23.2 through 23.2R2-S3 Junos OS versions 23.4 through 23.4R2-S3 Junos OS versions 24.2 through 24.2R2

Description: A Missing Release of Memory after Effective Lifetime issue in the packet forwarding engine of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service. In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash.

Recommendations: For versions prior to 21.2R3-S9, update to 21.2R3-S9 or later. For versions 21.4 through 21.4R3-S10, update to 21.4R3-S10 or later. For versions 22.2 through 22.2R3-S6, update to 22.2R3-S6 or later. For versions 22.4 through 22.4R3-S5, update to 22.4R3-S5 or later. For versions 23.2 through 23.2R2-S3, update to 23.2R2-S3 or later. For versions 23.4 through 23.4R2-S3, update to 23.4R2-S3 or later. For versions 24.2 through 24.2R2, update to 24.2R2 or later.