PT-2025-41399 · Juniper Networks · Junos+2
Published: 2025-10-09 · Updated: 2025-12-01 · CVE-2025-52960
CVSS v4.0: 8.2 (High)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS versions prior to 22.4R3-S7
Juniper Networks Junos OS versions 23.2 through 23.2R2-S4
Juniper Networks Junos OS versions 23.4 through 23.4R2-S5
Juniper Networks Junos OS versions 24.2 through 24.2R2
Description
A buffer copy issue exists in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS on MX Series and SRX Series devices. An unauthenticated, network-based attacker can cause a Denial of Service (DoS) condition. Specifically, when memory utilization is high and certain SIP packets are received, the flowd process crashes, disrupting service stability. Continuous receipt of these packets under high utilization can lead to a sustained DoS. The attacker does not control the memory utilization, making deterministic exploitation difficult.
Recommendations
Upgrade to Junos OS version 22.4R3-S7 or later.
Upgrade to Junos OS version 23.2R2-S4 or later.
Upgrade to Junos OS version 23.4R2-S5 or later.
Upgrade to Junos OS version 24.2R2 or later.
Fix
DoS
Buffer Overflow
Affected Products
Junos
MX Series
SRX Series