CVE-2025-52980
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-07-15
Assigner: Juniper Networks, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos_os | 22.4 |
| juniper | junos_os | 22.3 |
| juniper | junos_os | 23.2 |
| juniper | junos_os | 23.4 |
| juniper | junos_os | 22.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-198 | The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Use of Incorrect Byte Ordering issue in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series devices. It allows an unauthenticated attacker on the network to cause a Denial-of-Service (DoS) by sending a BGP update containing a specific, valid, optional, transitive path attribute. When rpd processes this update over an established BGP session (eBGP or iBGP, IPv4 or IPv6), it crashes and restarts.
How can this vulnerability impact me?
The vulnerability can cause the Routing Protocol Daemon (rpd) on affected Junos OS devices to crash and restart, resulting in a Denial-of-Service (DoS). This can disrupt network routing and connectivity, potentially causing network outages or degraded performance.