{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-59958","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","state":"PUBLISHED","assignerShortName":"juniper","dateReserved":"2025-09-23T18:19:06.954Z","datePublished":"2025-10-09T15:44:33.938Z","dateUpdated":"2025-10-09T19:05:31.001Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["PTX Series"],"product":"Junos OS Evolved","vendor":"Juniper Networks","versions":[{"lessThan":"22.4R3-EVO","status":"affected","version":"0","versionType":"semver"},{"lessThan":"23.2R2-EVO","status":"affected","version":"23.2","versionType":"semver"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"To be affected by this issue a configuration like the following needs to be present:<br><br><tt>[&nbsp;firewall family &lt;family&gt; filter &lt;filter&gt;&nbsp;term &lt;term&gt;&nbsp;then reject ]<br>\n\n<span style=\"background-color: rgb(255, 255, 255);\">[ interfaces &lt;interface&gt; unit &lt;unit&gt; </span><span style=\"background-color: rgb(255, 255, 255);\">family &lt;family&gt;&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">filter </span><span style=\"background-color: rgb(255, 255, 255);\">output &lt;filter&gt; ]</span><br>\n\n</tt>"}],"value":"To be affected by this issue a configuration like the following needs to be present:\n\n[ firewall family <family> filter <filter> term <term> then reject ]\n\n\n[ interfaces <interface> unit <unit> family <family> filter output <filter> ]"}],"datePublic":"2025-10-08T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.<br><br>When <span style=\"background-color: rgb(255, 255, 255);\">an output firewall filter is configured with one or more&nbsp;</span>terms where the action is 'reject', packets matching these terms are&nbsp;erroneously sent to the Routing Engine (RE) and further processed there.&nbsp;Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.<br>This issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters.<br><br><p>This issue affects Junos OS Evolved on PTX Series:</p><p></p><ul><li>all versions before 22.4R3-EVO,</li><li>23.2 versions before 23.2R2-EVO.</li></ul><p></p><p><br></p>"}],"value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.\n\nWhen an output firewall filter is configured with one or more terms where the action is 'reject', packets matching these terms are erroneously sent to the Routing Engine (RE) and further processed there. Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.\nThis issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters.\n\nThis issue affects Junos OS Evolved on PTX Series:\n\n\n\n  *  all versions before 22.4R3-EVO,\n  *  23.2 versions before 23.2R2-EVO."}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"NETWORK","baseScore":6.9,"baseSeverity":"MEDIUM","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/RE:M","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"MODERATE"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-754","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2025-10-09T15:44:33.938Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA103147"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"<p>The following software releases have been updated to resolve this specific issue: 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.</p>"}],"value":"The following software releases have been updated to resolve this specific issue: 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."}],"source":{"advisory":"JSA103147","defect":["1734892"],"discovery":"USER"},"title":"Junos OS Evolved: PTX Series: When a firewall filter rejects traffic these packets are erroneously sent to the RE","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"To avoid this issue remove the affected <tt>reject</tt> action from the respective term(s) and replace it with <tt>discard</tt>, or add <tt>log </tt>or <tt>syslog </tt>actions."}],"value":"To avoid this issue remove the affected reject action from the respective term(s) and replace it with discard, or add log or syslog actions."}],"x_generator":{"engine":"Vulnogram 0.1.0-av217"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-10-09T19:05:24.406953Z","id":"CVE-2025-59958","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-10-09T19:05:31.001Z"}}]}}