CVE-2025-52952

Published: Jul 11, 2025Modified: Jan 26, 2026

7.1

Vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:GreenShow less

Source: sirt@juniper.net (Secondary)

Description

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks: Junos OS: * All versions before 22.2R3-S1, * from 22.4 before 22.4R2. This feature is not enabled by default.

Affected (13)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

13 vulnerable · 33 platform

Vulnerable Software	Affected Versions
Juniper Junos	Before 22.2
Juniper Junos	Version 22.2
Juniper Junos	Version 22.2 r1-s1
Juniper Junos	Version 22.2 r1-s2
Juniper Junos	Version 22.2 r1
Juniper Junos	Version 22.2 r2-s1
Juniper Junos	Version 22.2 r2-s2
Juniper Junos	Version 22.2 r2
Juniper Junos	Version 22.2 r3
Juniper Junos	Version 22.4
Juniper Junos	Version 22.4 r1-s1
Juniper Junos	Version 22.4 r1-s2
Juniper Junos	Version 22.4 r1

Running on/with	Platform Versions
Juniper 2x100ge + 4x10ge Mpc5e	All versions
Juniper 2x100ge + 4x10ge Mpc5eq	All versions
Juniper 2x100ge + 8x10ge Mpc4e	All versions
Juniper 32x10ge Mpc4e	All versions
Juniper 6x40ge + 24x10ge Mpc5e	All versions
Juniper 6x40ge + 24x10ge Mpc5eq	All versions
Juniper Mpc1	All versions
Juniper Mpc1 Q	All versions
Juniper Mpc1e	All versions
Juniper Mpc1e Q	All versions
Juniper Mpc2	All versions
Juniper Mpc2 Eq	All versions
Juniper Mpc2 Q	All versions
Juniper Mpc2e	All versions
Juniper Mpc2e Eq	All versions
Juniper Mpc2e Ng	All versions
Juniper Mpc2e Ng Q	All versions
Juniper Mpc2e P	All versions
Juniper Mpc2e Q	All versions
Juniper Mpc3e	All versions
Juniper Mpc3e 3d Ng	All versions
Juniper Mpc3e 3d Ng Q	All versions
Juniper Mpc6e	All versions
Juniper Mpc7e 10g	All versions
Juniper Mpc7e Mrate	All versions
Juniper Mpc8e	All versions
Juniper Mpc9e	All versions
Juniper Mx2008	All versions
Juniper Mx2010	All versions
Juniper Mx2020	All versions
Juniper Mx240	All versions
Juniper Mx480	All versions
Juniper Mx960	All versions

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://supportportal.juniper.net/JSA100058

Source: sirt@juniper.net

Vendor Advisory

https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.html

Source: sirt@juniper.net

Product

Timeline

No history available yet.