
CVE-2025-21602: Juniper Networks Junos OS and Junos OS Evolved: BGP Update Packet Causes Crash

CVE-2025-21602
Summary

An unauthenticated attacker on a network adjacent to your router can send a specific BGP update packet that crashes the routing protocol daemon (rpd) on Junos OS or Junos OS Evolved, causing your network to become unavailable while rpd restarts. The packet can be sent repeatedly, which keeps the network unreliable for as long as it continues. To fix this issue, update your Junos OS or Junos OS Evolved to a version released after the ones listed as vulnerable.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | CPE |
|---|---|---|---|
| juniper | junos | 21.2, 21.4, 22.2, 22.3, 22.4, 23.2, 23.4, 24.2 | `cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*` |
| juniper | junos_os_evolved | 21.2, 21.4, 22.2, 22.3, 22.4, 23.2, 23.4, 24.2 | `cpe:2.3:o:juniper:junos_os_evolved:21.2:-:*:*:*:*:*:*` |
Original title
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sendi...
Original description
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS).

Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.

This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.

This issue affects Junos OS:

* from 21.4 before 21.4R3-S9,
* from 22.2 before 22.2R3-S5,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S2, 24.2R2;

This issue does not affect versions prior to 21.1R1.

Junos OS Evolved:

* from 21.4 before 21.4R3-S9-EVO,
* from 22.2 before 22.2R3-S5-EVO,
* from 22.3 before 22.3R3-S4-EVO,
* from 22.4 before 22.4R3-S5-EVO,
* from 23.2 before 23.2R2-S3-EVO,
* from 23.4 before 23.4R2-S3-EVO,
* from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.

This issue does not affect versions prior to 21.1R1-EVO.
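
To triage a device inventory against the ranges above, the following added example (not part of the advisory or of any Juniper tooling) classifies a Junos version string. Assumptions: versions look like `YY.NRx[-Sy][.build][-EVO]`, and the function names, hostnames and sample versions are constructed for illustration.

```python
import re

# First fixed (R, S) per release train, copied from the advisory text above.
# The -EVO fixes carry the same numbers, so one table serves both products.
FIRST_FIXED = {
    "21.4": (3, 9), "22.2": (3, 5), "22.3": (3, 4), "22.4": (3, 5),
    "23.2": (2, 3), "23.4": (2, 3), "24.2": (1, 2),
}

# Assumed version shape: 22.4R3-S5.2-EVO (build suffix and -EVO optional).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(?:-EVO)?$")


def parse(version):
    """Return ((year, quarter), (R, S)); a missing -S counts as S0."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {version!r}")
    year, quarter, r, s = (int(g) if g else 0 for g in m.groups())
    return (year, quarter), (r, s)


def status(version):
    """Classify one version against the advisory's ranges."""
    train, release = parse(version)
    if train < (21, 1):                 # "prior to 21.1R1" is not affected
        return "not affected"
    key = f"{train[0]}.{train[1]}"
    if key not in FIRST_FIXED:          # train has no range in the advisory
        return "not listed"             # (e.g. 21.2): needs manual review
    return "affected" if release < FIRST_FIXED[key] else "fixed"


def triage(inventory):
    """Map hostname -> status for a {hostname: version} inventory."""
    return {host: status(ver) for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are made up.
SAMPLE = {
    "edge-1": "21.4R3-S8.2",
    "edge-2": "22.2R3-S5.3-EVO",
    "core-1": "24.2R1",
    "lab-1": "20.4R3-S10",
}

if __name__ == "__main__":
    for host, result in triage(SAMPLE).items():
        print(f"{host:8} {SAMPLE[host]:18} {result}")
```

A "not listed" result means the advisory gives no fixed release for that train, so it should be checked by hand rather than treated as safe.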
NVD CVSS 3.1: 6.5
NVD CVSS 4.0: 7.1
Vulnerability type
CWE-755
Published: 9 Jan 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026