VYPR
Unrated severityNVD Advisory· Published Apr 9, 2025· Updated Apr 9, 2025

Junos OS: MX Series: Subscriber login/logout activity will lead to a memory leak

CVE-2025-30647

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).

In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash.

user@host> show chassis fpc Temp    CPU Utilization (%)   CPU Utilization (%)   Memory     Utilization (%) Slot State       (C)     Total   Interrupt     1min   5min  15min    DRAM (MB)  Heap   Buffer

2 Online         36       10         0          9     8     9        32768      26         0

This issue affects Junos OS on MX Series: * All versions before 21.2R3-S9 * from 21.4 before 21.4R3-S10 * from 22.2 before 22.2R3-S6 * from 22.4 before 22.4R3-S5 * from 23.2 before 23.2R2-S3 * from 23.4 before 23.4R2-S3 * from 24.2 before 24.2R2.

Affected products

2
  • Juniper Networks/Junosllm-fuzzy2 versions
    <21.2R3-S9, >=21.4 <21.4R3-S10, >=22.2 <22.2R3-S6, >=22.4 <22.4R3-S5, >=23.2 <23.2R2-S3, >=23.4 <23.4R2-S3, >=24.2 <24.2R2+ 1 more
    • (no CPE)range: <21.2R3-S9, >=21.4 <21.4R3-S10, >=22.2 <22.2R3-S6, >=22.4 <22.4R3-S5, >=23.2 <23.2R2-S3, >=23.4 <23.4R2-S3, >=24.2 <24.2R2
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.