CVE-2025-52960
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-12-01
Assigner: Juniper Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | juniper_networks_junos_os | 24.2r2 |
| juniper | juniper_networks_junos_os | * |
| juniper | juniper_networks_junos_os | 22.4r3-s7 |
| juniper | juniper_networks_junos_os | 23.2r2-s4 |
| juniper | juniper_networks_junos_os | 23.4r2-s5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Buffer Copy without Checking Size of Input issue in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series devices. It allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS) by sending specific SIP packets when the device's memory utilization is high, causing the flowd process to crash. Although the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these packets under high memory utilization can cause a sustained DoS condition.
How can this vulnerability impact me? :
The vulnerability can cause a Denial of Service (DoS) on affected Junos OS devices, leading to crashes of the flowd process and disruption of service stability. While the system recovers automatically, repeated exploitation under high memory utilization can cause sustained service outages, impacting network availability and reliability.