CVE-2025-52982
BaseFortify
Publication date: 2025-07-11
Last updated on: 2025-07-15
Assigner: Juniper Networks, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos_os | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-404 | The product does not release or incorrectly releases a resource before it is made available for re-use. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Improper Resource Shutdown or Release issue in the SIP ALG of Juniper Networks Junos OS on MX Series devices with MS-MPC. When configured with two or more service sets processing SIP calls, a specific sequence of call events can cause the MS-MPC to crash and restart. This can be triggered by an unauthenticated, network-based attacker.
How can this vulnerability impact me?
The vulnerability can cause a Denial-of-Service (DoS) by crashing and restarting the MS-MPC on affected devices. This can disrupt SIP call processing and network services relying on the MX Series device, potentially leading to service outages.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that your Juniper Networks Junos OS on MX Series with MS-MPC is updated to a fixed version. Specifically, upgrade to Junos OS versions 21.2R3-S9 or later, 21.4 versions after 21.4R1, 22.2 versions 22.2R3-S6 or later, or 22.4 versions 22.4R3-S6 or later. Additionally, avoid configuring two or more service sets processing SIP calls simultaneously on affected devices. Note that devices with MS-MPC that are End-of-Life after Junos OS 22.4 are not affected, and MX-SPC3 or SRX Series devices are not vulnerable.