What is the CVSS score of CVE-2025-52984?

CVE-2025-52984 has a CVSS 3.1 base score of 5.9 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Junos are affected by CVE-2025-52984?

CVE-2025-52984 presents moderate security risk, a null pointer dereference vulnerability rated CVSS 5.9. Exploitation could compromise the security of affected deployments.. A patch is available.

How to fix or mitigate CVE-2025-52984?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Junos CVE-2025-52984

EUVD-2025-21146 MEDIUM

NULL Pointer Dereference (CWE-476)

2025-07-11 sirt@juniper.net

Denial Of Service Null Pointer Dereference Juniper Junos Junos Os Evolved

5.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Patch available

Apr 16, 2026 - 05:29 EUVD

21.2R3-S9,24.2R1-S2,22.4R3-S6

EUVD ID Assigned

Mar 16, 2026 - 08:18 euvd

EUVD-2025-21146

Analysis Generated

Mar 16, 2026 - 08:18 vuln.today

CVE Published

Jul 11, 2025 - 16:15 nvd

MEDIUM 5.9

DescriptionNVD

A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device.

When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts.

This issue affects:

Junos OS: * all versions before 21.2R3-S9,

21.4 versions before 21.4R3-S10,
22.2 versions before 22.2R3-S6,
22.4 versions before 22.4R3-S6,
23.2 versions before 23.2R2-S3,
23.4 versions before 23.4R2-S4,
24.2 versions before 24.2R1-S2, 24.2R2;

Junos OS Evolved:

all versions before 22.4R3-S7-EVO,
23.2-EVO

versions before 23.2R2-S3-EVO,

23.4-EVO versions before 23.4R2-S4-EVO,
24.2-EVO versions before 24.2R2-EVO.

Analysis

When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts.

This issue affects:

Junos OS: * all versions before 21.2R3-S9,

21.4 versions before 21.4R3-S10,
22.2 versions before 22.2R3-S6,
22.4 versions before 22.4R3-S6,
23.2 versions before 23.2R2-S3,
23.4 versions before 23.4R2-S4,
24.2 versions before 24.2R1-S2, 24.2R2;

Junos OS Evolved:

all versions before 22.4R3-S7-EVO,
23.2-EVO

versions before 23.2R2-S3-EVO,

23.4-EVO versions before 23.4R2-S4-EVO,
24.2-EVO versions before 24.2R2-EVO.

Technical ContextAI

A NULL pointer dereference occurs when the application attempts to use a pointer that has not been initialized or has been set to NULL.

RemediationAI

Add NULL checks before pointer dereference operations. Use static analysis to identify potential NULL pointer issues. Enable compiler warnings.

More from same product – last 7 days

CVE-2026-48687 CRITICAL Act Now

9.8 May 26

OS command injection in FastNetMon Community Edition (through 1.2.9) lets attacker-controlled input reach an unescaped e

CVE-2025-52984 vulnerability details – vuln.today

Back

Junos CVE-2025-52984

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

Analysis

Technical ContextAI

RemediationAI

More from same product – last 7 days

Share

External POC / Exploit Code