Severity by source
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green
Lifecycle Timeline
7DescriptionCVE.org
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS).
An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS:
- 25.2 versions before 25.2R2
This issue doesn't not affected Junos OS versions before 25.2R1.
This issue affects Junos OS Evolved:
- 25.2-EVO versions before 25.2R2-EVO
This issue doesn't not affected Junos OS Evolved versions before 25.2R1-EVO.
eBGP and iBGP are affected. IPv4 and IPv6 are affected.
AnalysisAI
BGP session reset vulnerability in Juniper Networks Junos OS 25.2 and Junos OS Evolved 25.2-EVO allows adjacent unauthenticated attackers to trigger Denial of Service by sending malformed BGP packets within established sessions. Affects both eBGP and iBGP implementations across IPv4 and IPv6. Repeated exploitation enables sustained service disruption. Vulnerability confirmed actively exploited (CISA KEV). No public exploit identified at time of analysis. Adjacent network access required; attacker must be on same network segment as BGP peering.
Technical ContextAI
Improper input validation (CWE-20) in BGP packet processing fails to sanitize specific genuine BGP messages post-session establishment. Affects Juniper Junos OS CPE range and Junos OS Evolved CPE range exclusively in 25.2 release branches. Session reset occurs per malformed packet without authentication enforcement, enabling repeatable DoS condition.
RemediationAI
Vendor-released patch: upgrade Junos OS to 25.2R2 or later, and Junos OS Evolved to 25.2R2-EVO or later. No workarounds exist for this vulnerability without upgrading to patched versions. Temporary mitigation: restrict BGP peering to trusted adjacent networks only, implement strict network segmentation to limit adjacency exposure, and deploy BGP session monitoring for anomalous reset patterns. Consult official advisory for complete remediation guidance: https://kb.juniper.net/JSA107850. Organizations unable to upgrade immediately should evaluate service criticality and consider temporary BGP session isolation until patches can be deployed.
Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r
A security vulnerability in An Improper (CVSS 6.7) that allows a local attacker with high privileges. Risk factors: acti
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series all
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3,
An authentication bypass vulnerability in Juniper Networks Junos Space Network Management Platform may allow a remote un
Certain Secure Access SA Series SSL VPN products (originally developed by Juniper Networks but now sold and supported by
Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, 12.1X45 before D20, 12.1X46 before D15, 12.1X47 befor
NFX Series devices using Juniper Networks Junos OS are susceptible to a local command execution vulnerability thereby al
NFX Series devices using Juniper Networks Junos OS are susceptible to a local code execution vulnerability thereby allow
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffe
An Out-of-Bounds Write vulnerability in the H.323 ALG of Juniper Networks Junos OS allows an unauthenticated, network-ba
On QFX10000 Series devices using Juniper Networks Junos OS when configured as transit IP/MPLS penultimate hop popping (P
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21208
GHSA-3rpc-j6fw-646r