CVE-2025-52952

MEDIUM 6.5

Our Analysis: Embedded

Our model has classified this vulnerability as relevant to Embedded Systems, helping your team prioritize efforts effectively.

Published Date July 11, 2025

Last Modified July 15, 2025

CVSS Vector CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS).

Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.

This issue affects Juniper Networks:
Junos OS:
* All versions before 22.2R3-S1,
* from 22.4 before 22.4R2.

This feature is not enabled by default.