CVE-2025-59959
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: Juniper Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junoss | to 22.4R3-S8 (exc) |
| juniper | junoss | to 23.2R2-S5 (exc) |
| juniper | junoss | to 23.4R2-S5 (exc) |
| juniper | junoss | to 24.2R2-S2 (exc) |
| juniper | junoss | to 24.4R2 (exc) |
| juniper | junosevolved | to 22.4R3-S8-EVO (exc) |
| juniper | junosevolved | to 23.2R2-S5-EVO (exc) |
| juniper | junosevolved | to 23.4R2-S6-EVO (exc) |
| juniper | junosevolved | to 24.2R2-S2-EVO (exc) |
| juniper | junosevolved | to 24.4R2-EVO (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-822 | The product obtains a value from an untrusted source, converts this value to a pointer, and dereferences the resulting pointer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an Untrusted Pointer Dereference in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. It allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS) by crashing and restarting the rpd when executing the command 'show route <(receive-protocol | advertising-protocol) bgp> detail' if at least one route in the output has specific attributes. The 'show route ... extensive' command is not affected.
How can this vulnerability impact me? :
This vulnerability can impact you by causing a Denial-of-Service (DoS) condition on the affected device. Specifically, the routing protocol daemon (rpd) will crash and restart when the vulnerable command is executed with certain route attributes, potentially disrupting network routing and availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by executing the command 'show route < ( receive-protocol | advertising-protocol ) bgp > detail' on affected Junos OS or Junos OS Evolved devices. If the command causes the routing protocol daemon (rpd) to crash and restart, it indicates the presence of the vulnerability. Note that 'show route ... extensive' is not affected and thus not useful for detection.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading the Junos OS or Junos OS Evolved software to a fixed version that addresses this vulnerability. Specifically, upgrade to versions 22.4R3-S8 or later, 23.2R2-S5 or later, 23.4R2-S5 or later, 24.2R2-S2 or later, or 24.4R2 or later for Junos OS; and to versions 22.4R3-S8-EVO or later, 23.2R2-S5-EVO or later, 23.4R2-S6-EVO or later, 24.2R2-S2-EVO or later, or 24.4R2-EVO or later for Junos OS Evolved. Avoid running the vulnerable 'show route < ( receive-protocol | advertising-protocol ) bgp > detail' command until the system is patched.