
Description

An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it's sent to SRRD it's encoded incorrectly, which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.

This issue affects Junos OS:

* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R1-S2, 23.2R2.

This issue does not affect Junos OS Evolved.

PUBLISHED Reserved 2025-03-24 | Published 2025-04-09 | Updated 2025-04-09 | Assigner juniper




MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

MEDIUM: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M

Problem types

CWE-116 Improper Encoding or Escaping of Output

Product status

Default status
unaffected

Any version before 21.2R3-S9
affected

21.4 (semver) before 21.4R3-S10
affected

22.2 (semver) before 22.2R3-S6
affected

22.4 (semver) before 22.4R3
affected

23.2 (semver) before 23.2R1-S2, 23.2R2
affected

Timeline

2025-04-09: Initial Publication

References

supportportal.juniper.net/JSA96467 vendor-advisory

cve.org (CVE-2025-30657)

nvd.nist.gov (CVE-2025-30657)
