CVE-2025-59969

EUVD-2025-209396

09.04.2026, 22:16

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart. Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.

This issue affects Junos OS Evolved PTX Series:



  *  All versions before 22.4R3-S8-EVO,
  *  from 23.2 before 23.2R2-S5-EVO,
  *  from 23.4 before 23.4R2-EVO,
  *  from 24.2 before 24.2R2-EVO,
  *  from 24.4 before 24.4R2-EVO.




This issue affects Junos OS Evolved on QFX5000 Series:



  *  22.2-EVO version before 22.2R3-S7-EVO,
  *  22.4-EVO version before 22.4R3-S7-EVO,
  *  23.2-EVO versions before 23.2R2-S4-EVO,
  *  23.4-EVO versions before 23.4R2-S5-EVO, 
  *  24.2-EVO versions before 24.2R2-S1-EVO,
  *  24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.


This issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Affected Products (NVD)

Vendor	Product	Version
juniper	junos_os_evolved	𝑥 < 22.4
juniper	junos_os_evolved	22.4
juniper	junos_os_evolved	22.4:r1
juniper	junos_os_evolved	22.4:r1-s1
juniper	junos_os_evolved	22.4:r1-s2
juniper	junos_os_evolved	22.4:r2
juniper	junos_os_evolved	22.4:r2-s1
juniper	junos_os_evolved	22.4:r2-s2
juniper	junos_os_evolved	22.4:r3
juniper	junos_os_evolved	22.4:r3-s1
juniper	junos_os_evolved	22.4:r3-s2
juniper	junos_os_evolved	22.4:r3-s3
juniper	junos_os_evolved	22.4:r3-s4
juniper	junos_os_evolved	22.4:r3-s5
juniper	junos_os_evolved	22.4:r3-s6
juniper	junos_os_evolved	22.4:r3-s7
juniper	junos_os_evolved	23.2
juniper	junos_os_evolved	23.2:r1
juniper	junos_os_evolved	23.2:r1-s1
juniper	junos_os_evolved	23.2:r1-s2
juniper	junos_os_evolved	23.2:r2
juniper	junos_os_evolved	23.2:r2-s1
juniper	junos_os_evolved	23.2:r2-s2
juniper	junos_os_evolved	23.2:r2-s3
juniper	junos_os_evolved	23.2:r2-s4
juniper	junos_os_evolved	23.4
juniper	junos_os_evolved	23.4:r1
juniper	junos_os_evolved	23.4:r1-s1
juniper	junos_os_evolved	23.4:r1-s2
juniper	junos_os_evolved	24.2
juniper	junos_os_evolved	24.2:r1
juniper	junos_os_evolved	24.2:r1-s2
juniper	junos_os_evolved	24.4
juniper	junos_os_evolved	24.4:r1
juniper	junos_os_evolved	24.4:r1-s2
juniper	junos_os_evolved	24.4:r1-s3
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.2:r1
juniper	junos_os_evolved	22.2:r1-s1
juniper	junos_os_evolved	22.2:r1-s2
juniper	junos_os_evolved	22.2:r2
juniper	junos_os_evolved	22.2:r2-s1
juniper	junos_os_evolved	22.2:r2-s2
juniper	junos_os_evolved	22.2:r3
juniper	junos_os_evolved	22.2:r3-s1
juniper	junos_os_evolved	22.2:r3-s2
juniper	junos_os_evolved	22.2:r3-s3
juniper	junos_os_evolved	22.2:r3-s4
juniper	junos_os_evolved	22.2:r3-s5
juniper	junos_os_evolved	22.2:r3-s6
juniper	junos_os_evolved	22.4
juniper	junos_os_evolved	22.4:r1
juniper	junos_os_evolved	22.4:r1-s1
juniper	junos_os_evolved	22.4:r1-s2
juniper	junos_os_evolved	22.4:r2
juniper	junos_os_evolved	22.4:r2-s1
juniper	junos_os_evolved	22.4:r2-s2
juniper	junos_os_evolved	22.4:r3
juniper	junos_os_evolved	22.4:r3-s1
juniper	junos_os_evolved	22.4:r3-s2
juniper	junos_os_evolved	22.4:r3-s3
juniper	junos_os_evolved	22.4:r3-s4
juniper	junos_os_evolved	22.4:r3-s5
juniper	junos_os_evolved	22.4:r3-s6
juniper	junos_os_evolved	23.2
juniper	junos_os_evolved	23.2:r1
juniper	junos_os_evolved	23.2:r1-s1
juniper	junos_os_evolved	23.2:r1-s2
juniper	junos_os_evolved	23.2:r2
juniper	junos_os_evolved	23.2:r2-s1
juniper	junos_os_evolved	23.2:r2-s2
juniper	junos_os_evolved	23.2:r2-s3
juniper	junos_os_evolved	23.4
juniper	junos_os_evolved	23.4:r1
juniper	junos_os_evolved	23.4:r1-s1
juniper	junos_os_evolved	23.4:r1-s2
juniper	junos_os_evolved	23.4:r2
juniper	junos_os_evolved	23.4:r2-s1
juniper	junos_os_evolved	23.4:r2-s2
juniper	junos_os_evolved	23.4:r2-s3
juniper	junos_os_evolved	23.4:r2-s4
juniper	junos_os_evolved	24.2
juniper	junos_os_evolved	24.2:r1
juniper	junos_os_evolved	24.2:r1-s2
juniper	junos_os_evolved	24.2:r2
juniper	junos_os_evolved	24.4
juniper	junos_os_evolved	24.4:r1
juniper	junos_os_evolved	24.4:r1-s2
juniper	junos_os_evolved	24.4:r2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://kb.juniper.net/JSA103159