PT-2025-41439 · Juniper Networks · Junos, Junos Evolved

Published: 2025-10-09 · Updated: 2025-10-09 · CVE-2025-60004

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:X

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions 23.4R2-S3 through 23.4R2-S5
Juniper Networks Junos OS versions 24.2R2 before 24.2R2-S1
Juniper Networks Junos OS versions 24.4 before 24.4R1-S3 and 24.4R2
Juniper Networks Junos OS Evolved versions 23.4R2-S2-EVO through 23.4R2-S5-EVO
Juniper Networks Junos OS Evolved versions 24.2R2-EVO before 24.2R2-S1-EVO
Juniper Networks Junos OS Evolved versions 24.4-EVO before 24.4R1-S3-EVO and 24.4R2-EVO

Description

An improper check for unusual or exceptional conditions exists in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. This allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS) by sending a specific BGP EVPN update message over an established BGP session. The issue affects both iBGP and eBGP over IPv4 and IPv6. A BGP EVPN configuration is not required for the system to be vulnerable. The rpd process crashes and restarts when receiving the crafted message.

Recommendations

Update Junos OS to version 23.4R2-S5 or later.
Update Junos OS to version 24.2R2-S1 or later.
Update Junos OS to version 24.4R1-S3 or later, or 24.4R2.
Update Junos OS Evolved to version 23.4R2-S5-EVO or later.
Update Junos OS Evolved to version 24.2R2-S1-EVO or later.
Update Junos OS Evolved to version 24.4R1-S3-EVO or later, or 24.4R2-EVO.

Fix

DoS

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2025-60004

Affected Products

Junos
Junos Evolved