CVE-2025-52964

A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition.

For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from a established BGP peer.

This issue affects:
Junos OS: 
  *  All versions before 21.4R3-S7, 
  *  from 22.3 before 22.3R3-S3, 
  *  from 22.4 before 22.4R3-S5, 
  *  from 23.2 before 23.2R2, 
  *  from 23.4 before 23.4R2.



Junos OS Evolved: 
  *  All versions before 21.4R3-S7-EVO, 
  *  from 22.3 before 22.3R3-S3-EVO, 
  *  from 22.4 before 22.4R3-S5-EVO, 
  *  from 23.2 before 23.2R2-EVO, 
  *  from 23.4 before 23.4R2-EVO.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniperCNA
6.5 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA-ADPADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://supportportal.juniper.net/JSA100080