CVE-2025-52953
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-07-11

Last updated on: 2025-07-15

Assigner: Juniper Networks, Inc.

Description
An Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service (DoS).  Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S11, * from 22.2 before 22.2R3-S7, * from 22.4 before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S4, * from 24.2 before 24.2R2, * from 24.4 before 24.4R1-S3, 24.4R2 Junos OS Evolved: * All versions before 22.2R3-S7-EVO, * from 22.4-EVO before 22.4R3-S7-EVO, * from 23.2-EVO before 23.2R2-S4-EVO, * from 23.4-EVO before 23.4R2-S4-EVO, * from 24.2-EVO before 24.2R2-EVO, * from 24.4-EVO before 24.4R1-S3-EVO, 24.4R2-EVO.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-07-11
Last Modified
2025-07-15
Generated
2026-05-07
AI Q&A
2025-07-11
EPSS Evaluated
2026-05-05
NVD
CVE-2025-52953
EUVD
EUVD-2025-21156
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
juniper junos_os_evolved *
juniper junos_os *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-440 A feature, API, or function does not perform according to its specification.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability is an Expected Behavior Violation in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. It allows an unauthenticated adjacent attacker to send a valid BGP UPDATE packet that causes a BGP session reset. Continuous receipt and processing of this packet can create a sustained Denial of Service (DoS) condition affecting both iBGP and eBGP sessions over IPv4 and IPv6.


How can this vulnerability impact me? :

The vulnerability can cause a Denial of Service (DoS) by resetting BGP sessions repeatedly. This disrupts network routing stability and availability, potentially leading to network outages or degraded network performance.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart