PT-2025-41406 · Juniper Networks · Junos Evolved
Published: 2025-10-09 · Updated: 2025-10-09 · CVE-2025-59967
CVSS v4.0: 7.1 (High)
| Vector | AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green |
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS Evolved versions 23.2R2-EVO through 23.2R2-S4-EVO
Juniper Networks Junos OS Evolved versions 23.4R1-EVO through 23.4R2-EVO
Description
A NULL Pointer Dereference issue exists in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved. This allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). The issue occurs when specific valid multicast traffic is received on any layer 3 interface, causing the evo-pfemand process to crash and restart. Continued receipt of this traffic can result in a sustained DoS attack. The issue affects IPv4 and IPv6.
Recommendations
Update to Junos OS Evolved version 23.2R2-S4-EVO or later.
Update to Junos OS Evolved version 23.4R2 or later.
Fix
DoS
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Junos Evolved