PT-2026-3112 · Juniper Networks · Junos, Junos Evolved

Published: 2026-01-15 · Updated: 2026-01-15 · CVE-2025-60011

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS versions prior to 22.4R3-S8
Juniper Networks Junos OS versions 23.2 before 23.2R2-S5
Juniper Networks Junos OS versions 23.4 before 23.4R2-S6
Juniper Networks Junos OS versions 24.2 before 24.2R2-S2
Juniper Networks Junos OS versions 24.4 before 24.4R2
Juniper Networks Junos OS Evolved versions prior to 22.4R3-S8-EVO
Juniper Networks Junos OS Evolved versions 23.2 before 23.2R2-S5-EVO
Juniper Networks Junos OS Evolved versions 23.4 before 23.4R2-S6-EVO
Juniper Networks Junos OS Evolved versions 24.2 before 24.2R2-S2-EVO
Juniper Networks Junos OS Evolved versions 24.4 before 24.4R2-EVO
Description

An Improper Check for Unusual or Exceptional Conditions exists in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated, network-based attacker can disrupt availability for downstream devices. The issue occurs when an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, which is then incorrectly modified before being sent to peers. When these peers detect the malformed attribute, they are likely to terminate BGP sessions, causing routing disruptions.
Recommendations

Update Juniper Networks Junos OS to version 22.4R3-S8 or later.
Update Juniper Networks Junos OS to version 23.2R2-S5 or later.
Update Juniper Networks Junos OS to version 23.4R2-S6 or later.
Update Juniper Networks Junos OS to version 24.2R2-S2 or later.
Update Juniper Networks Junos OS to version 24.4R2 or later.
Update Juniper Networks Junos OS Evolved to version 22.4R3-S8-EVO or later.
Update Juniper Networks Junos OS Evolved to version 23.2R2-S5-EVO or later.
Update Juniper Networks Junos OS Evolved to version 23.4R2-S6-EVO or later.
Update Juniper Networks Junos OS Evolved to version 24.2R2-S2-EVO or later.
Update Juniper Networks Junos OS Evolved to version 24.4R2-EVO or later.
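
A release-string check against the fixed versions listed above, as an added example (not Juniper's or this advisory's own code). The release-string pattern, the sample inventory and the names `FIXED`, `parse_release`, `advisory_status` and `affected_hosts` are assumptions; release trains the advisory does not list are reported as `unlisted` rather than guessed.

```python
import re

# Fixed releases copied from the advisory: release train -> (R number, S number).
# The Junos OS Evolved fixes carry the same numbers with an -EVO suffix.
FIXED = {
    (22, 4): (3, 8),   # 22.4R3-S8
    (23, 2): (2, 5),   # 23.2R2-S5
    (23, 4): (2, 6),   # 23.4R2-S6
    (24, 2): (2, 2),   # 24.2R2-S2
    (24, 4): (2, 0),   # 24.4R2
}
OLDEST_TRAIN = min(FIXED)

# Assumed release string shape: YY.N R<r> [-S<s>] [.<spin>] [-EVO]
_RELEASE = re.compile(r"^(\d{2})\.(\d)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.I)

def parse_release(version):
    """Split a release string into (train, (R, S), is_evolved)."""
    m = _RELEASE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {version!r}")
    year, minor, r, s, evo = m.groups()
    return (int(year), int(minor)), (int(r), int(s or 0)), bool(evo)

def advisory_status(version):
    """Return 'affected', 'fixed' or 'unlisted' for one release string."""
    train, level, _evo = parse_release(version)
    if train < OLDEST_TRAIN:
        return "affected"   # "versions prior to 22.4R3-S8" covers older trains
    if train not in FIXED:
        return "unlisted"   # the advisory makes no statement about this train
    return "affected" if level < FIXED[train] else "fixed"

def affected_hosts(inventory):
    """Return the hosts whose release falls in an affected range, sorted."""
    return sorted(h for h, v in inventory.items() if advisory_status(v) == "affected")

# Constructed sample inventory (hostnames and releases are made up).
SAMPLE_INVENTORY = {
    "edge-1": "22.4R3-S7.2",
    "edge-2": "23.4R2-S6",
    "core-1": "24.4R1-S3-EVO",
    "core-2": "24.2R2-S2-EVO",
    "lab-1": "21.4R3-S10",
}

if __name__ == "__main__":
    print(affected_hosts(SAMPLE_INVENTORY))
```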

Fix

Improper Check for Exceptional Conditions

Weakness Enumeration

Related Identifiers

CVE-2025-60011

Affected Products

Junos
Junos Evolved