CVE-2025-60003
BaseFortify
Publication date: 2026-01-15
Last updated on: 2026-01-15
Assigner: Juniper Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | juniper_networks_junos_os | to 22.4R3-S8 (exc) |
| juniper | juniper_networks_junos_os | to 23.2R2-S5 (exc) |
| juniper | juniper_networks_junos_os | to 23.4R2-S6 (exc) |
| juniper | juniper_networks_junos_os | to 24.2R2-S2 (exc) |
| juniper | juniper_networks_junos_os | to 24.4R2 (exc) |
| juniper | juniper_networks_junos_os_evolved | to 22.4R3-S8-EVO (exc) |
| juniper | juniper_networks_junos_os_evolved | to 23.2R2-S5-EVO (exc) |
| juniper | juniper_networks_junos_os_evolved | to 23.4R2-S6-EVO (exc) |
| juniper | juniper_networks_junos_os_evolved | to 24.2R2-S2-EVO (exc) |
| juniper | juniper_networks_junos_os_evolved | to 24.4R2-EVO (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-126 | The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Buffer Over-read in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. It occurs when an unauthenticated, network-based attacker sends a BGP update containing specific optional transitive attributes over an established peering session. If one or both BGP peers are non-4-byte-AS capable, the rpd process crashes and restarts when trying to advertise the received information to another peer, causing a Denial-of-Service (DoS).
How can this vulnerability impact me? :
The impact of this vulnerability is a Denial-of-Service (DoS) condition on affected devices running Junos OS or Junos OS Evolved. An attacker can cause the routing protocol daemon (rpd) to crash and restart, potentially disrupting network routing and connectivity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can detect this vulnerability by checking established BGP sessions to see if the peers are 4-byte-AS capable. Use the command: show bgp neighbor <IP address> | match "4 byte AS". If the output indicates that one or both BGP peers are non-4-byte-AS capable, the device may be vulnerable if running affected Junos OS or Junos OS Evolved versions.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Junos OS or Junos OS Evolved to a fixed version that is not vulnerable. The affected versions are all versions before 22.4R3-S8, 23.2 versions before 23.2R2-S5, 23.4 versions before 23.4R2-S6, 24.2 versions before 24.2R2-S2, and 24.4 versions before 24.4R2 (and their respective EVO versions). Additionally, ensure that the disable-4byte-as configuration is not enabled unless necessary, as the vulnerability only occurs if one or both BGP peers are non-4-byte-AS capable.