PT-2025-15857 · Juniper Networks · Junos

Published 2025-04-09 · Updated 2025-04-11 · CVE-2025-30649

CVSS v4.0: 8.7 High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 22.2R3-S6; Junos OS versions from 22.4 before 22.4R3-S4; Junos OS versions from 23.2 before 23.2R2-S3; Junos OS versions from 23.4 before 23.4R2-S4; Junos OS versions from 24.2 before 24.2R1-S2, 24.2R2.

Description: An Improper Input Validation issue in the syslog stream TCP transport of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to send specific spoofed packets, causing a CPU Denial of Service (DoS) on the MX-SPC3 SPUs. Continued receipt and processing of these packets will sustain the DoS condition. An indicator of compromise is a spike in SPC3 SPU utilization, which can be checked by running the command "show services service-sets summary" and looking for high CPU usage.

Recommendations: For versions prior to 22.2R3-S6, update to 22.2R3-S6 or later. For versions from 22.4 before 22.4R3-S4, update to 22.4R3-S4 or later. For versions from 23.2 before 23.2R2-S3, update to 23.2R2-S3 or later. For versions from 23.4 before 23.4R2-S4, update to 23.4R2-S4 or later. For versions from 24.2 before 24.2R1-S2, 24.2R2, update to 24.2R1-S2 or later, or apply the 24.2R2 patch. As a temporary workaround, consider monitoring the CPU utilization of the SPC3 SPUs and restricting access to the syslog stream TCP transport to minimize the risk of exploitation.

Fix · DoS · RCE

Related Identifiers

BDU:2025-05198
CVE-2025-30649

Affected Products

Junos