CVE-2025-59967
BaseFortify
Publication date: 2025-10-09
Last updated on: 2025-10-14
Assigner: Juniper Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos_os_evolved | 23.4r1-evo |
| juniper | junos_os_evolved | 23.2r2-evo |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a NULL Pointer Dereference in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on certain ACX devices. It allows an unauthenticated, adjacent attacker to cause the evo-pfemand process to crash and restart by sending specific valid multicast traffic to any layer 3 interface. Repeated receipt of this traffic results in a sustained Denial of Service (DoS) condition.
How can this vulnerability impact me? :
The vulnerability can cause a Denial of Service (DoS) on affected Juniper devices by crashing and restarting the evo-pfemand process whenever specific multicast traffic is received. This can disrupt network operations and availability on affected devices.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade Junos OS Evolved on affected devices to versions 23.2R2-S4-EVO or later, or 23.4R2-EVO or later, as these versions contain fixes for the issue. Avoid exposure to specific valid multicast traffic that triggers the evo-pfemand process crash until the upgrade is applied.