We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-52952

Junos OS: MX Series with MPC-BUILTIN, MPC 1 through MPC 9: Receipt and processing of a malformed packet causes one or more FPCs to crash



Description

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions before 22.2R3-S1, * from 22.4 before 22.4R2. This feature is not enabled by default.

Reserved 2025-06-23 | Published 2025-07-11 | Updated 2025-07-11 | Assigner juniper


MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green

Problem types

CWE-787 Out-of-bounds Write

Product status

Default status
unaffected

Any version before 22.2R3-S1
affected

22.4 before 22.4R2
affected

Timeline

2025-07-09:Initial Publication

References

supportportal.juniper.net/JSA100058 vendor-advisory

www.juniper.net/...gmt/topics/topic-map/cfm-configuring.html technical-description

cve.org (CVE-2025-52952)

nvd.nist.gov (CVE-2025-52952)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-52952

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.