{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-52984","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2025-06-23T18:23:44.546Z","datePublished":"2025-07-11T15:09:37.765Z","dateUpdated":"2025-07-15T19:55:22.722Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","product":"Junos OS","vendor":"Juniper Networks","versions":[{"lessThan":"21.2R3-S9","status":"affected","version":"0","versionType":"semver"},{"lessThan":"21.4R3-S10","status":"affected","version":"21.4","versionType":"semver"},{"lessThan":"22.2R3-S6","status":"affected","version":"22.2","versionType":"semver"},{"lessThan":"22.4R3-S6","status":"affected","version":"22.4","versionType":"semver"},{"lessThan":"23.2R2-S3","status":"affected","version":"23.2","versionType":"semver"},{"lessThan":"23.4R2-S4","status":"affected","version":"23.4","versionType":"semver"},{"lessThan":"24.2R1-S2, 24.2R2","status":"affected","version":"24.2","versionType":"semver"}]},{"defaultStatus":"unaffected","product":"Junos OS Evolved","vendor":"Juniper Networks","versions":[{"lessThan":"22.4R3-S7-EVO","status":"affected","version":"0","versionType":"semver"},{"lessThan":"23.2R2-S3-EVO","status":"affected","version":"23.2-EVO","versionType":"semver"},{"lessThan":"23.4R2-S4-EVO","status":"affected","version":"23.4-EVO","versionType":"semver"},{"lessThan":"24.2R2-EVO","status":"affected","version":"24.2-EVO","versionType":"semver"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"To be exposed to this issue the system needs to be configured for GRPC: [ system services extension-service request-response grpc ]
and a static route needs to point to a reject next-hop as shown in the following example:
[ routing-options static route 192.0.2.0/24 next-hop 198.51.100.1 resolve ]\n [ routing-options static route 198.51.100.1/32 reject]"}],"value":"To be exposed to this issue the system needs to be configured for GRPC:\n\n[ system services extension-service request-response grpc ]\n\nand a static route needs to point to a reject next-hop as shown in the following example:\n\n[ routing-options static route 192.0.2.0/24 next-hop 198.51.100.1 resolve ]\n\n[ routing-options static route 198.51.100.1/32 reject]"}],"datePublic":"2025-07-09T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device.
When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts.
This issue affects:
Junos OS:
all versions before 21.2R3-S9,
21.4 versions before 21.4R3-S10,
22.2 versions before 22.2R3-S6,
22.4 versions before 22.4R3-S6,
23.2 versions before 23.2R2-S3,
23.4 versions before 23.4R2-S4,
24.2 versions before 24.2R1-S2, 24.2R2;
Junos OS Evolved:
all versions before 22.4R3-S7-EVO,
23.2-EVO \n\n versions before 23.2R2-S3-EVO,
23.4-EVO versions before 23.4R2-S4-EVO,
24.2-EVO versions before 24.2R2-EVO.
"}],"value":"A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device.\n\nWhen static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts.\n\nThis issue affects:\n\nJunos OS: * all versions before 21.2R3-S9,\n * 21.4 versions before 21.4R3-S10, \n * 22.2 versions before 22.2R3-S6,\n * 22.4 versions before 22.4R3-S6,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S4,\n * 24.2 versions before 24.2R1-S2, 24.2R2;\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 22.4R3-S7-EVO,\n * 23.2-EVO \n\n versions before 23.2R2-S3-EVO,\n * 23.4-EVO versions before 23.4R2-S4-EVO,\n * 24.2-EVO versions before 24.2R2-EVO."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"YES","Recovery":"AUTOMATIC","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"PRESENT","attackVector":"NETWORK","baseScore":8.2,"baseSeverity":"HIGH","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M","version":"4.0","vulnAvailabilityImpact":"HIGH","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-476","description":"CWE-476 NULL Pointer Dereference","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2025-07-11T15:09:37.765Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA100090"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 22.4R3-S7-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, \n\nand all subsequent releases; Junos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases."}],"value":"The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S7-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, \n\nand all subsequent releases;\nJunos OS: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S6, 23.2R2-S3, 23.4R2-S4, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases."}],"source":{"advisory":"JSA100090","defect":["1809740"],"discovery":"INTERNAL"},"title":"Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"There are no known workarounds for this issue. To reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts, and configure authentication for grpc."}],"value":"There are no known workarounds for this issue.\nTo reduce the risk of exploitation use access lists or firewall filters to limit access to the device only from trusted, administrative networks or hosts, and configure authentication for grpc."}],"x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-07-11T16:04:49.396427Z","id":"CVE-2025-52984","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-07-15T19:55:22.722Z"}}]}}