CVE-2025-59969
Received
Received - Intake
Buffer Overflow in Junos OS Evolved Forwarding Causes DoS
Publication date: 2026-04-09
Last updated on: 2026-04-28
Assigner: Juniper Networks, Inc.
Description
Description
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart.Β Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.
This issue affects Junos OS Evolved PTX Series:
* All versions before 22.4R3-S8-EVO,
* from 23.2 before 23.2R2-S5-EVO,
* from 23.4 before 23.4R2-EVO,
* from 24.2 before 24.2R2-EVO,
* from 24.4 beforeΒ 24.4R2-EVO.
This issue affects Junos OS Evolved on QFX5000 Series:
* 22.2-EVO version before 22.2R3-S7-EVO,
* 22.4-EVO version before 22.4R3-S7-EVO,
* 23.2-EVO versions before 23.2R2-S4-EVO,
* 23.4-EVO versions before 23.4R2-S5-EVO,
* 24.2-EVO versions before 24.2R2-S1-EVO,
* 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.
This issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 23.2 |
| juniper | junos_os_evolved | 23.2 |
| juniper | junos_os_evolved | 23.2 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 23.2 |
| juniper | junos_os_evolved | 23.2 |
| juniper | junos_os_evolved | 23.2 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 24.2 |
| juniper | junos_os_evolved | 24.2 |
| juniper | junos_os_evolved | 23.4 |
| juniper | junos_os_evolved | 23.4 |
| juniper | junos_os_evolved | 23.4 |
| juniper | junos_os_evolved | 23.2 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | to 22.4 (exc) |
| juniper | junos_os_evolved | 23.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 22.4 |
| juniper | junos_os_evolved | 23.2 |
| juniper | junos_os_evolved | 23.2 |
| juniper | junos_os_evolved | 24.2 |
| juniper | junos_os_evolved | 24.4 |
| juniper | junos_os_evolved | 24.4 |
| juniper | junos_os_evolved | 24.4 |
| juniper | junos_os_evolved | 24.4 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 23.4 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 23.4 |
| juniper | junos_os_evolved | 23.4 |
| juniper | junos_os_evolved | 23.4 |
| juniper | junos_os_evolved | 23.4 |
| juniper | junos_os_evolved | 24.2 |
| juniper | junos_os_evolved | 24.4 |
| juniper | junos_os_evolved | 22.2 |
| juniper | junos_os_evolved | 22.2 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-120 | The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer. |
