CVE-2025-59960

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 21.2R3-S10 Juniper Networks Junos OS versions 21.4 before 21.4R3-S12 Juniper Networks Junos OS version 22.2 Juniper Networks Junos OS versions 22.4 before 22.4R3-S8 Juniper Networks Junos OS versions 23.2 before 23.2R2-S5 Juniper Networks Junos OS versions 23.4 before 23.4R2-S6 Juniper Networks Junos OS versions 24.2 before 24.2R2-S2 Juniper Networks Junos OS versions 24.4 before 24.4R2 Juniper Networks Junos OS versions 25.2 before 25.2R1-S1 and 25.2R2 Juniper Networks Junos OS Evolved versions prior to 21.4R3-S12-EVO Juniper Networks Junos OS Evolved version 22.2-EVO Juniper Networks Junos OS Evolved versions 22.4 before 22.4R3-S8-EVO Juniper Networks Junos OS Evolved versions 23.2 before 23.2R2-S5-EVO Juniper Networks Junos OS Evolved versions 23.4 before 23.4R2-S6-EVO Juniper Networks Junos OS Evolved versions 24.2 before 24.2R2-S2-EVO Juniper Networks Junos OS Evolved versions 24.4 before 24.4R2-EVO Juniper Networks Junos OS Evolved versions 25.2 before 25.2R1-S1-EVO and 25.2R2-EVO

Description An issue exists in the Juniper DHCP service (jdhcpd) that can lead to a Denial of Service (DoS). The problem occurs when a DHCP relay agent improperly handles DHCP DISCOVER messages containing Option 82 in 'forward-only' mode. Specifically, the device fails to drop these messages when 'trust-option82' is not configured, and instead forwards them unmodified to the DHCP server. This can cause the DHCP server's address pools to be exhausted, impacting downstream DHCP services. The issue arises from an improper check for unusual or exceptional conditions.

Recommendations Update Juniper Networks Junos OS to version 21.2R3-S10 or later. Update Juniper Networks Junos OS to version 21.4R3-S12 or later. Update Juniper Networks Junos OS to a version after 22.2. Update Juniper Networks Junos OS to version 22.4R3-S8 or later. Update Juniper Networks Junos OS to version 23.2R2-S5 or later. Update Juniper Networks Junos OS to version 23.4R2-S6 or later. Update Juniper Networks Junos OS to version 24.2R2-S2 or later. Update Juniper Networks Junos OS to version 24.4R2 or later. Update Juniper Networks Junos OS to version 25.2R1-S1 or later, or to 25.2R2. Update Juniper Networks Junos OS Evolved to version 21.4R3-S12-EVO or later. Update Juniper Networks Junos OS Evolved to a version after 22.2-EVO. Update Juniper Networks Junos OS Evolved to version 22.4R3-S8-EVO or later. Update Juniper Networks Junos OS Evolved to version 23.2R2-S5-EVO or later. Update Juniper Networks Junos OS Evolved to version 23.4R2-S6-EVO or later. Update Juniper Networks Junos OS Evolved to version 24.2R2-S2-EVO or later. Update Juniper Networks Junos OS Evolved to version 24.4R2-EVO or later. Update Juniper Networks Junos OS Evolved to version 25.2R1-S1-EVO or later, or to 25.2R2-EVO.