PT-2025-29237 · Juniper Networks+1 · Junos+1
Published: 2025-07-09 · Updated: 2025-07-11
CVE-2025-52948
CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
Name of the Vulnerable Software and Affected Versions:
Juniper Networks Junos OS versions prior to 21.2R3-S9
Juniper Networks Junos OS versions 21.4 before 21.4R3-S10
Juniper Networks Junos OS versions 22.2 before 22.2R3-S6
Juniper Networks Junos OS versions 22.4 before 22.4R3-S7
Juniper Networks Junos OS versions 23.2 before 23.2R2-S3
Juniper Networks Junos OS versions 23.4 before 23.4R2-S3
Juniper Networks Junos OS versions 24.2 before 24.2R1-S1, 24.2R2
Description:
An Improper Handling of Exceptional Conditions vulnerability exists in Berkeley Packet Filter (BPF) processing. This can allow an attacker, in rare cases, to send specific traffic patterns that cause the Flexible Packet Control (FPC) and system to crash and restart. The issue is due to a race condition during BPF instance cloning, leading to internal structure leakage. This is more likely to occur when packet capturing is enabled.
Recommendations:
Update to Junos OS version 21.2R3-S9 or later.
Update to Junos OS version 21.4R3-S10 or later.
Update to Junos OS version 22.2R3-S6 or later.
Update to Junos OS version 22.4R3-S7 or later.
Update to Junos OS version 23.2R2-S3 or later.
Update to Junos OS version 23.4R2-S3 or later.
Update to Junos OS version 24.2R1-S1 or later.
Fix
Improper Handling of Exceptional Conditions
Affected Products
Berkeley Packet Filter
Junos