Juniper Networks has disclosed a significant vulnerability affecting its Junos OS and Junos OS Evolved platforms.
Identified as CVE-2025-21598, this flaw allows unauthenticated remote attackers to exploit a critical out-of-bounds read vulnerability in the routing protocol daemon (rpd).
The vulnerability is triggered when devices are configured with Border Gateway Protocol (BGP) options enabled, leading to potential crashes and broader network disruptions.
.png
)
Overview of the Vulnerability
The affected versions of Junos OS include 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, and 24.2R1, as well as the corresponding versions of Junos OS Evolved.
The vulnerability has been assigned a high severity score of 7.5 under the CVSS v3.1—indicating a critical risk that could lead to serious ramifications for network integrity.
Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free
The core issue arises from the ability of attackers to send malformed BGP packets to devices enabled with specific packet trace options.
This malfunction can cause the rpd to crash, interrupting BGP sessions and potentially spreading the issue across Autonomous Systems (ASes). Both Internal BGP (iBGP) and External BGP (eBGP) are affected, risking the stability of IPv4 and IPv6 networks alike.
According to the Juniper report, Network administrators are advised to monitor their systems for signs of this vulnerability. An indicator of compromise might be detecting malformed update messages from neighboring ASes.
Relevant log messages may include alerts about received malformed updates and malformed attributes, which indicate that the issue is propagating.
To address the vulnerability, Juniper Networks has released updated software versions that remedy the issue.
Users are encouraged to upgrade to the following patched versions: for Junos OS, 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2-S1, 24.2R1-S1, 24.2R2, and subsequent releases.
Similarly, for Junos OS Evolved, users should upgrade to versions 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S1-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, and all subsequent releases.
For immediate risk mitigation while awaiting updates, disabling the BGP packet tracing options is recommended as a workaround.
The emergence of CVE-2025-21598 serves as a reminder for organizations to regularly patch their networking equipment and remain vigilant against vulnerabilities that could be exploited for remote network attacks.
Juniper Networks’ prompt disclosure and provision of solutions underscore the importance of proactive cybersecurity measures in maintaining network integrity.
Find this News Interesting! Follow us on Google News, LinkedIn, and X to Get Instant Updates!
