CVE-2025-59964

EUVD-2025-33397

09.10.2025, 16:15

A Use of Uninitialized Resource vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX4700 devices allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

When forwarding-options sampling is enabled, receipt of any traffic destined to the Routing Engine (RE) by the PFE line card leads to an FPC crash and restart, resulting in a Denial of Service (DoS). 

Continued receipt and processing of any traffic leading to the RE by the PFE line card will create a sustained Denial of Service (DoS) condition to the PFE line card.


This issue affects Junos OS on SRX4700: 



  *  from 24.4 before 24.4R1-S3, 24.4R2


This issue affects IPv4 and IPv6.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 34%

Affected Products (NVD)

Vendor	Product	Version
juniper	junos	24.4
juniper	junos	24.4:r1
juniper	junos	24.4:r1-s2
juniper	junos	24.4:r2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-908 - Use of Uninitialized Resource
The software uses or accesses a resource that has not been initialized.

References

https://supportportal.juniper.net/JSA103153

https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/sampling-edit-forwarding-options.html