CVE-2025-52961

An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).

An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman's memory to leak, eventually causing the FPC to crash and restart.

Continued receipt and processing of these specific valid packets will sustain the Denial of Service (DoS) condition.

An indicator of compromise is cfmman memory rising over time. To check for it, issue the following command and evaluate the RSS number. If the RSS is growing into GBs, consider restarting the device to temporarily clear memory.
 
 user@device> show system processes node fpc<num> detail | match cfmman

Example:

 show system processes node fpc0 detail | match cfmman
 F S UID     PID   PPID  PGID  SID C PRI  NI ADDR SZ  WCHAN   RSS  PSR STIME TTY      TIME  CMD
 4 S root   15204   1  15204 15204  0  80 0 - 90802  -   113652 4 Sep25 ?     00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml
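
The check described above can be scripted once the command output is collected at intervals. The following is an added example, not Juniper's tooling: it parses the cfmman line and fits a growth rate to the RSS samples. It assumes RSS is reported in KiB (as in Linux ps); the function names, the 1 GiB warning level, the minimum growth rate and the hourly samples are constructed for illustration.

```python
# Added example (not from the advisory): trend check on cfmman RSS samples.
# Assumptions: RSS is in KiB as in Linux ps; thresholds are illustrative.

HEADER = ("F S UID     PID   PPID  PGID  SID C PRI  NI ADDR SZ  WCHAN   RSS"
          "  PSR STIME TTY      TIME  CMD")

def parse_sample(line, header=HEADER):
    """Return (pid, rss_kib) for one cfmman line, locating columns by header."""
    cols = header.split()
    fields = line.split(None, len(cols) - 1)  # CMD column keeps its spaces
    if len(fields) != len(cols) or "cfmman" not in fields[-1]:
        raise ValueError("not a cfmman process line matching the header")
    return int(fields[cols.index("PID")]), int(fields[cols.index("RSS")])

def assess(samples, warn_kib=1024 * 1024, min_growth_kib_per_hour=1024.0):
    """samples: (hours_since_start, pid, rss_kib) tuples, oldest first.
    Returns (status, growth_kib_per_hour, hours_until_warn_kib)."""
    # A new PID means cfmman restarted (for example after an FPC restart),
    # so only samples from the current process describe the current trend.
    current = [(t, rss) for t, pid, rss in samples if pid == samples[-1][1]]
    if current[-1][1] >= warn_kib:
        return ("rss-in-gb-range", 0.0, 0.0)
    if len(current) < 3:
        return ("insufficient-data", 0.0, None)
    n = len(current)
    mean_t = sum(t for t, _ in current) / n
    mean_r = sum(r for _, r in current) / n
    denom = sum((t - mean_t) ** 2 for t, _ in current)
    if denom == 0:
        return ("insufficient-data", 0.0, None)
    # Least-squares slope of RSS over time, in KiB per hour.
    slope = sum((t - mean_t) * (r - mean_r) for t, r in current) / denom
    if slope < min_growth_kib_per_hour:
        return ("stable", slope, None)
    return ("growing", slope, (warn_kib - current[-1][1]) / slope)

# Constructed samples: the advisory's example line, then hourly growth.
LINE = ("4 S root   15204   1  15204 15204  0  80 0 - 90802  -   113652 4 "
        "Sep25 ?     00:15:28 /usr/bin/cfmman -p /var/pfe -o "
        "-c /usr/conf/cfmman-cfg-active.xml")
pid, rss0 = parse_sample(LINE)
SAMPLES = [(float(h), pid, rss0 + h * 100_000) for h in range(4)]

if __name__ == "__main__":
    print(assess(SAMPLES))
```
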

This issue affects Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:

  *  from 23.2R1-EVO before 23.2R2-S4-EVO, 
  *  from 23.4 before 23.4R2-S4-EVO, 
  *  from 24.2 before 24.2R2-EVO, 
  *  from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.


This issue does not affect Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 before 23.2R1-EVO.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.5 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| juniper | CNA | 6.5 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| CISA-ADP | ADP | --- | | | | --- |