CVE-2025-52984

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 21.2R3-S9 Juniper Networks Junos OS versions 21.4 prior to 21.4R3-S10 Juniper Networks Junos OS versions 22.2 prior to 22.2R3-S6 Juniper Networks Junos OS versions 22.4 prior to 22.4R3-S6 Juniper Networks Junos OS versions 23.2 prior to 23.2R2-S3 Juniper Networks Junos OS versions 23.4 prior to 23.4R2-S4 Juniper Networks Junos OS versions 24.2 prior to 24.2R1-S2, 24.2R2 Juniper Networks Junos OS Evolved versions prior to 22.4R3-S7-EVO Juniper Networks Junos OS Evolved versions 23.2-EVO prior to 23.2R2-S3-EVO Juniper Networks Junos OS Evolved versions 23.4-EVO prior to 23.4R2-S4-EVO Juniper Networks Junos OS Evolved versions 24.2-EVO prior to 24.2R2-EVO

Description: A NULL Pointer Dereference vulnerability exists in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated, network-based attacker can exploit this issue to impact the availability of the device. The vulnerability occurs when a static route points to a reject next hop and a gNMI query is processed for that static route, causing rpd to crash and restart.

Recommendations: Update to Junos OS version 21.2R3-S9 or later. Update to Junos OS version 21.4R3-S10 or later. Update to Junos OS version 22.2R3-S6 or later. Update to Junos OS version 22.4R3-S6 or later. Update to Junos OS version 23.2R2-S3 or later. Update to Junos OS version 23.4R2-S4 or later. Update to Junos OS version 24.2R1-S2 or later. Update to Junos OS Evolved version 22.4R3-S7-EVO or later. Update to Junos OS Evolved version 23.2R2-S3-EVO or later. Update to Junos OS Evolved version 23.4R2-S4-EVO or later. Update to Junos OS Evolved version 24.2R2-EVO or later.