CVE-2025-59960
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: Juniper Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | juniper_junos_os | to 21.2R3-S10 (exc) |
| juniper | juniper_junos_os | From 21.4 (inc) to 21.4R3-S12 (exc) |
| juniper | juniper_junos_os | 22.2 |
| juniper | juniper_junos_os | From 22.4 (inc) to 22.4R3-S8 (exc) |
| juniper | juniper_junos_os | From 23.2 (inc) to 23.2R2-S5 (exc) |
| juniper | juniper_junos_os | From 23.4 (inc) to 23.4R2-S6 (exc) |
| juniper | juniper_junos_os | From 24.2 (inc) to 24.2R2-S2 (exc) |
| juniper | juniper_junos_os | From 24.4 (inc) to 24.4R2 (exc) |
| juniper | juniper_junos_os | From 25.2 (inc) to 25.2R1-S1 (exc) |
| juniper | juniper_junos_os | to 25.2R2 (exc) |
| juniper | juniper_junos_os_evolved | to 21.4R3-S12-EVO (exc) |
| juniper | juniper_junos_os_evolved | * |
| juniper | juniper_junos_os_evolved | From 22.4 (inc) to 22.4R3-S8-EVO (exc) |
| juniper | juniper_junos_os_evolved | From 23.2 (inc) to 23.2R2-S5-EVO (exc) |
| juniper | juniper_junos_os_evolved | From 23.4 (inc) to 23.4R2-S6-EVO (exc) |
| juniper | juniper_junos_os_evolved | From 24.2 (inc) to 24.2R2-S2-EVO (exc) |
| juniper | juniper_junos_os_evolved | From 24.4 (inc) to 24.4R2-EVO (exc) |
| juniper | juniper_junos_os_evolved | From 25.2 (inc) to 25.2R1-S1-EVO (exc) |
| juniper | juniper_junos_os_evolved | to 25.2R2-EVO (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-754 | The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an improper check for unusual or exceptional conditions in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved. It allows a DHCP client in one subnet to exhaust the address pools of other subnets by exploiting how the DHCP relay agent handles Option 82 information. Specifically, when a DHCP DISCOVER message with Option 82 is received in 'forward-only' mode, the relay should drop the message unless 'trust-option82' is configured. Instead, it forwards the packets unmodified to the DHCP server, which causes the server to allocate addresses unnecessarily, leading to exhaustion of the DHCP address pools and resulting in a Denial of Service (DoS).
How can this vulnerability impact me? :
This vulnerability can lead to a Denial of Service (DoS) condition on the downstream DHCP server by allowing a DHCP client in one subnet to exhaust the address pools of other subnets. This means legitimate clients may be unable to obtain IP addresses from the DHCP server, disrupting network connectivity and potentially causing network outages or degraded service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade your Junos OS or Junos OS Evolved to a fixed version that is not affected by this issue. The affected versions are all versions before 21.2R3-S10, from 21.4 before 21.4R3-S12, all versions of 22.2, and other specified versions up to 25.2R2 for Junos OS and similarly for Junos OS Evolved. Additionally, configuring the DHCP relay agent to properly handle Option 82 by enabling 'trust-option82' or ensuring that DHCP DISCOVER messages with Option 82 in 'forward-only' mode are dropped can help prevent address pool exhaustion.