CVE-2025-52980

A Use of Incorrect Byte Ordering 

vulnerability 

in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).



When aBGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.

This issue affects eBGP and iBGP over IPv4 and IPv6.



This issue affects:

Junos OS:



  *  22.1 versions from 22.1R1 before 22.2R3-S4,
  *  22.3 versions before 22.3R3-S3,
  *  22.4 versions before 22.4R3-S2,
  *  23.2 versions before 23.2R2,
  *  23.4 versions before 23.4R2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniperCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://supportportal.juniper.net/JSA100084