Unrated severityNVD Advisory· Published Jul 11, 2025· Updated Jul 11, 2025

Junos OS: MX Series with MPC-BUILTIN, MPC 1 through MPC 9: Receipt and processing of a malformed packet causes one or more FPCs to crash

CVE-2025-52952

Description

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS).

Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.

This issue affects Juniper Networks: Junos OS: * All versions before 22.2R3-S1, * from 22.4 before 22.4R2.

This feature is not enabled by default.

Affected products

Juniper Networks/Junosllm-fuzzy
Range: <22.2R3-S1, >=22.4 before 22.4R2
Juniper Networks/Junos OSv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

supportportal.juniper.net/JSA100058mitrevendor-advisory
www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.htmlmitretechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000