CVE-2025-52951

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 21.2R3-S9 Juniper Networks Junos OS versions 21.4 before 21.4R3-S11 Juniper Networks Junos OS versions 22.2 before 22.2R3-S7 Juniper Networks Junos OS versions 22.4 before 22.4R3-S7 Juniper Networks Junos OS versions 23.2 before 23.2R2-S4 Juniper Networks Junos OS versions 23.4 before 23.4R2-S5 Juniper Networks Junos OS versions 24.2 before 24.2R2-S1 Juniper Networks Junos OS versions 24.4 before 24.4R1-S2 and 24.4R2

Description: A protection mechanism failure exists in kernel filter processing. An attacker sending IPv6 traffic to an interface can bypass firewall filtering configured on the interface. This is due to the payload-protocol match not being supported, causing firewall filter terms to accept all packets without further action.

Recommendations: Update to Junos OS version 21.2R3-S9 or later. Update to Junos OS version 21.4R3-S11 or later. Update to Junos OS version 22.2R3-S7 or later. Update to Junos OS version 22.4R3-S7 or later. Update to Junos OS version 23.2R2-S4 or later. Update to Junos OS version 23.4R2-S5 or later. Update to Junos OS version 24.2R2-S1 or later. Update to Junos OS version 24.4R1-S2 or later.