Skip to main content

Junos CVE-2025-52982

| EUVDEUVD-2025-21148 MEDIUM
Improper Resource Shutdown or Release (CWE-404)
2025-07-11 sirt@juniper.net
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

4
Patch available
Apr 16, 2026 - 05:29 EUVD
22.2R3-S6,21.2R3-S9,21.4
EUVD ID Assigned
Mar 16, 2026 - 08:18 euvd
EUVD-2025-21148
Analysis Generated
Mar 16, 2026 - 08:18 vuln.today
CVE Published
Jul 11, 2025 - 16:15 nvd
MEDIUM 5.9

DescriptionCVE.org

An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When an MX Series device with an MS-MPC is configured with two or more service sets which are both processing SIP calls, a specific sequence of call events will lead to a crash and restart of the MS-MPC. This issue affects Junos OS:

  • all versions before 21.2R3-S9,
  • 21.4 versions from 21.4R1,
  • 22.2 versions before 22.2R3-S6,
  • 22.4 versions before 22.4R3-S6.

As the MS-MPC is EoL after Junos OS 22.4, later versions are not affected.

This issue does not affect MX-SPC3 or SRX Series devices.

Analysis

An Improper Resource Shutdown or Release vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series with MS-MPC allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When an MX Series device with an MS-MPC is configured with two or more service sets which are both processing SIP calls, a specific sequence of call events will lead to a crash and restart of the MS-MPC. This issue affects Junos OS:

  • all versions before 21.2R3-S9,
  • 21.4 versions from 21.4R1,
  • 22.2 versions before 22.2R3-S6,
  • 22.4 versions before 22.4R3-S6.

As the MS-MPC is EoL after Junos OS 22.4, later versions are not affected.

This issue does not affect MX-SPC3 or SRX Series devices.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Improper Resource Shutdown or Release (CWE-404).

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

More in Junos

View all
CVE-2016-1285 MEDIUM
6.8 Mar 09

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does not properly handle DNAME records when parsing fe

CVE-2016-1286 HIGH
8.6 Mar 09

named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 allows remote attackers to cause a denial of service (

CVE-2023-36845 CRITICAL POC
9.8 Aug 17

A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series all

CVE-2013-6618 CRITICAL POC
9.0 Nov 05

jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3,

CVE-2014-6380 HIGH POC
7.8 Oct 14

Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 befor

CVE-2021-0253 HIGH POC
7.8 Apr 22

NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby al

CVE-2021-0252 HIGH POC
7.8 Apr 22

NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allow

CVE-2019-0053 HIGH POC
7.8 Jul 11

Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffe

CVE-2023-22415 HIGH POC
7.5 Jan 13

An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-ba

CVE-2022-22223 HIGH POC
7.5 Oct 18

On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (P

CVE-2022-22209 HIGH POC
7.5 Jul 20

A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an

CVE-2022-22188 HIGH POC
7.5 Apr 14

An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine

Share

CVE-2025-52982 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy