PT-2026-3110 · Juniper Networks · Junos, Junos Evolved

Published

2026-01-14

·

Updated

2026-01-16

·

CVE-2025-60003

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS:
all releases before 22.4R3-S8
23.2 releases before 23.2R2-S5
23.4 releases before 23.4R2-S6
24.2 releases before 24.2R2-S2
24.4 releases before 24.4R2

Juniper Networks Junos OS Evolved:
all releases before 22.4R3-S8-EVO
23.2 releases before 23.2R2-S5-EVO
23.4 releases before 23.4R2-S6-EVO
24.2 releases before 24.2R2-S2-EVO
24.4 releases before 24.4R2-EVO
Description

A buffer over-read in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). The issue is triggered when an affected device receives, over an established BGP session, a BGP UPDATE carrying specific optional transitive attributes; rpd crashes and restarts when it attempts to advertise the received information to another peer. Because the attributes are optional transitive, an UPDATE carrying them can be propagated through intermediate autonomous systems that do not recognise them, so the originator does not need to be a direct peer of the affected device. The crash is only reachable on a session that was negotiated without the 4-byte-AS capability, that is, when at least one of the two peers is not 4-byte-AS capable; the capability is negotiated during session establishment. Junos OS and Junos OS Evolved are 4-byte-AS capable by default unless this is explicitly disabled with the disable-4byte-as configuration statement. Whether an established session negotiated the capability can be checked with:

show bgp neighbor <IP address> | match "4 byte AS"

rpd hosts all routing protocols on the device, so its crash and restart disrupts routing beyond the BGP session that received the UPDATE.
Recommendations

Junos OS:
update to 22.4R3-S8 or later
update 23.2 to 23.2R2-S5 or later
update 23.4 to 23.4R2-S6 or later
update 24.2 to 24.2R2-S2 or later
update 24.4 to 24.4R2 or later

Junos OS Evolved:
update to 22.4R3-S8-EVO or later
update 23.2 to 23.2R2-S5-EVO or later
update 23.4 to 23.4R2-S6-EVO or later
update 24.2 to 24.2R2-S2-EVO or later
update 24.4 to 24.4R2-EVO or later
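The advisory gives two preconditions that together decide whether a device is exposed: an affected release, and an established BGP session negotiated without the 4-byte-AS capability. The following Python is an added example, not Juniper's code or tooling, that applies both to text an operator can collect from the device and paste in offline. Assumptions: the fixed-release table is copied from the advisory above; the `show bgp neighbor` excerpt is constructed for this example and mirrors the usual Junos wording of the capability line, but only the `4 byte AS` substring the advisory itself tells you to match on is relied upon; the version parser understands R and -S releases (with or without the -EVO suffix) and reports anything else as unknown rather than as fixed.

```python
"""Offline triage for the rpd DoS described above (CVE-2025-60003).

Added example, not Juniper's code. Inputs are the release string from
`show version` and the output of `show bgp neighbor`; the fixed-release
table comes from the advisory, the sample CLI output is constructed.
"""
import re

# Lowest fixed release per affected train, from the advisory. Junos OS Evolved
# uses the same numbers with an -EVO suffix, which parse_version() strips.
FIXED = {
    (22, 4): "22.4R3-S8",
    (23, 2): "23.2R2-S5",
    (23, 4): "23.4R2-S6",
    (24, 2): "24.2R2-S2",
    (24, 4): "24.4R2",
}

# major.minor R<n>[.<spin>] [-S<n>[.<spin>]] [-EVO]; X releases are not handled.
_VER_RE = re.compile(
    r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?(?:-S(\d+)(?:\.(\d+))?)?(?:-EVO)?$"
)


def parse_version(text):
    """Map a Junos release string to a tuple that sorts in release order:
    (major, minor, R, S, S-spin, R-spin). A service release (-S) always
    post-dates any respin of the bare R release, hence S before R-spin.
    Returns None for strings the regex does not understand, so callers can
    report 'unknown' instead of silently treating them as fixed."""
    m = _VER_RE.match(text.strip())
    if not m:
        return None
    major, minor, rel, rel_spin, svc, svc_spin = (
        int(g) if g else 0 for g in m.groups()
    )
    return (major, minor, rel, svc, svc_spin, rel_spin)


def version_status(text):
    """'affected', 'fixed', 'not listed' or 'unknown' for one release string,
    following the advisory: every train older than 22.4 falls under 'prior to
    22.4R3-S8'; the listed trains are affected below their fixed release;
    trains the advisory does not name are reported as such, not as fixed."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    train = v[:2]
    if train < (22, 4):
        return "affected"
    if train in FIXED:
        return "fixed" if v >= parse_version(FIXED[train]) else "affected"
    return "not listed"


# Constructed `show bgp neighbor` excerpt: two established EBGP sessions, the
# second negotiated without the 4-byte-AS capability.
SAMPLE_SHOW_BGP_NEIGHBOR = """\
Peer: 192.0.2.1+179 AS 64496      Local: 192.0.2.2+53211 AS 64512
  Type: External    State: Established    Flags: <Sync>
  Peer supports 4 byte AS extension (peer-as 64496)
Peer: 198.51.100.7+54131 AS 64497 Local: 198.51.100.1+179 AS 64512
  Type: External    State: Established    Flags: <Sync>
  Peer does not support 4 byte AS extension
"""


def peers_without_4byte_as(output):
    """Return the peer addresses whose session was negotiated without the
    4-byte-AS capability, i.e. the sessions on which the described crash is
    reachable. Sessions that are not established print no capability line
    and are therefore not reported."""
    exposed, peer = [], None
    for line in output.splitlines():
        m = re.match(r"^Peer:\s+(\S+)", line)
        if m:
            peer = m.group(1).split("+")[0]  # drop the +port suffix
        elif "4 byte AS" in line and " not " in line and peer:
            exposed.append(peer)
    return exposed


def exposure(version_text, bgp_neighbor_output):
    """Combine both checks: exposed only when the release is affected AND at
    least one session lacks 4-byte-AS, the advisory's stated precondition."""
    status = version_status(version_text)
    peers = peers_without_4byte_as(bgp_neighbor_output)
    return status, peers, status == "affected" and bool(peers)


if __name__ == "__main__":
    for ver in ("22.4R3-S7", "22.4R3-S8", "23.2R2-S5-EVO", "24.4R1-S3", "24.2X99"):
        print(f"{ver:16} {version_status(ver)}")
    print(exposure("24.2R1", SAMPLE_SHOW_BGP_NEIGHBOR))
```

Paste the real `show bgp neighbor` output in place of the constructed sample; a peer that shows up in the result while the release is still affected is a session on which the crash can be triggered until the upgrade is done. The configuration side of the precondition can be inspected with `show configuration protocols bgp | display set | match disable-4byte-as`, which lists every group or neighbor where the default 4-byte-AS capability has been switched off.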

Weakness Enumeration

Buffer Over-read

Related Identifiers

BDU:2026-00600
CVE-2025-60003

Affected Products

Junos
Junos Evolved