CVE-2025-52986

| EUVD-2025-21144 MEDIUM
2025-07-11 [email protected]
5.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 08:18 euvd
EUVD-2025-21144
Analysis Generated
Mar 16, 2026 - 08:18 vuln.today
CVE Published
Jul 11, 2025 - 16:15 nvd
MEDIUM 5.5

Tags

Juniper Denial Of Service Junos Os Evolved Junos

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task memory detail | match task_shard_mgmt_cookie where the allocated memory in bytes can be seen to continuously increase with each exploitation. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4,  * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.2R3-S7-EVO * 22.4-EVO versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO,  * 24.4-EVO versions before 24.4R2-EVO.

Analysis

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.

When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.

The leak can be monitored with the CLI command:

show task memory detail | match task_shard_mgmt_cookie

where the allocated memory in bytes can be seen to continuously increase with each exploitation.

This issue affects:

Junos OS:

  • all versions before 21.2R3-S9,
  • 21.4 versions before 21.4R3-S11,
  • 22.2 versions before 22.2R3-S7,
  • 22.4 versions before 22.4R3-S7,
  • 23.2 versions before 23.2R2-S4,
  • 23.4 versions before 23.4R2-S4,
  • 24.2 versions before 24.2R2,
  • 24.4 versions before 24.4R1-S2, 24.4R2;

Junos OS Evolved:

  • all versions before 22.2R3-S7-EVO
  • 22.4-EVO versions before 22.4R3-S7-EVO,
  • 23.2-EVO versions before 23.2R2-S4-EVO,
  • 23.4-EVO versions before 23.4R2-S4-EVO,
  • 24.2-EVO versions before 24.2R2-EVO,
  • 24.4-EVO versions before 24.4R2-EVO.

Technical Context

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Memory Leak (CWE-401).

Affected Products

Affected products: Juniper Junos

Remediation

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Priority Score

28
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +28
POC: 0

Share

CVE-2025-52986 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy