CVE-2026-57025
Undergoing Analysis Undergoing Analysis - In Progress

Denial-of-Service in Juniper Junos OS via l2ald Crash

Vulnerability report for CVE-2026-57025, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-10

Assigner: Juniper Networks, Inc.

Description

A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS). On EX Series, QFX Series and MX Series aΒ low-privileged attacker issuing a specific 'show l2-learning' command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted. This issue affects EX Series, QFX Series, MX Series: Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2. Junos OS Evolved: * all versions before 23.2R2-S7-EVO, * 23.4 versions before 23.4R2-S8-EVO, * 24.2 versions before 24.2R2-EVO, * 24.4 versions before 24.4R1-S3-EVO.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-10
Generated
2026-07-11
AI Q&A
2026-07-10
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 8 associated CPEs
Vendor Product Version / Range
juniper_networks junos_os to 23.2R2-S7 (exc)
juniper_networks junos_os to 23.4R2-S7 (exc)
juniper_networks junos_os to 24.2R2 (exc)
juniper_networks junos_os to 24.4R1-S2 (exc)
juniper_networks junos_os_evolved to 23.2R2-S7-EVO (exc)
juniper_networks junos_os_evolved to 23.4R2-S8-EVO (exc)
juniper_networks junos_os_evolved to 24.2R2-EVO (exc)
juniper_networks junos_os_evolved to 24.4R1-S3-EVO (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-466 A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Return of Pointer Value Outside of Expected Range issue in the fileio library of Juniper Networks Junos OS and Junos OS Evolved. It allows a local, low-privileged attacker to cause a Denial-of-Service (DoS) by issuing a specific 'show l2-learning' command.

On EX Series, QFX Series, and MX Series devices, this command causes the l2ald process to crash, resulting in a temporary service impact for all layer 2 services until the process automatically restarts.

Detection Guidance

This vulnerability can be detected by observing if a low-privileged user is able to cause a crash of the l2ald process by issuing a specific command.

Specifically, the vulnerability is triggered by a low-privileged attacker issuing the 'show l2-learning' command on affected Juniper devices.

Therefore, monitoring for unusual or unauthorized use of the 'show l2-learning' command by low-privileged users can help detect attempts to exploit this vulnerability.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade affected Junos OS or Junos OS Evolved versions to the fixed releases.

  • For Junos OS, upgrade to versions 23.2R2-S7 or later, 23.4R2-S7 or later, 24.2R2 or later, or 24.4R1-S2 or later.
  • For Junos OS Evolved, upgrade to versions 23.2R2-S7-EVO or later, 23.4R2-S8-EVO or later, 24.2R2-EVO or later, or 24.4R1-S3-EVO or later.

Until the upgrade is applied, restrict access to the 'show l2-learning' command for low-privileged users to prevent triggering the l2ald crash.

Impact Analysis

The vulnerability can cause a Denial-of-Service (DoS) condition on affected Juniper devices by crashing the l2ald process.

This leads to a temporary disruption of all layer 2 services on EX Series, QFX Series, and MX Series devices until the affected process restarts automatically.

Since the attacker only needs low privileges and local access to trigger this, it could impact network availability and service continuity.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57025. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart