Introduction
Traffic outages on core firewalls can disrupt business operations and expose critical infrastructure to risk. Juniper Networks SRX4700 firewalls, widely deployed in data centers and large enterprises, are affected by a high-severity Denial of Service vulnerability (CVE-2025-59964) that can be triggered remotely and without authentication. This issue is particularly significant for environments that rely on traffic sampling for monitoring or compliance, as the vulnerability is only exposed when forwarding-options sampling is enabled.
Juniper Networks is a leading global provider of networking and security solutions, with the SRX4700 representing its high-performance firewall platform. These devices are integral to securing large-scale enterprise and service provider networks, processing massive volumes of traffic and enforcing advanced security policies.
Technical Information
CVE-2025-59964 is a Use of Uninitialized Resource vulnerability (CWE-908) in the Packet Forwarding Engine (PFE) of Juniper Networks SRX4700 devices running Junos OS 24.4 before 24.4R1-S3 and 24.4R2. The flaw is specifically triggered when the forwarding-options sampling feature is enabled. In this configuration, if any traffic destined for the Routing Engine (RE) is received and processed by the PFE line card, the Flexible PIC Concentrator (FPC) will crash and restart. This results in a Denial of Service, as all traffic through the affected interfaces is interrupted during the restart. If an attacker continues to send RE-destined traffic, the FPC can be kept in a persistent crash loop, sustaining the outage.
Both IPv4 and IPv6 traffic are capable of triggering the vulnerability. The root cause is an uninitialized resource in the PFE's handling of exception traffic when sampling is active. No authentication is required to exploit this issue, and it can be triggered by any network-based attacker able to send traffic to the device. There are no public code snippets or stack traces available for this vulnerability. The issue is limited to the combination of forwarding-options sampling being enabled and RE-destined traffic being processed by the PFE.
Affected Systems and Versions
- Product: Juniper Networks SRX4700
- Software: Junos OS
- Affected versions: 24.4 before 24.4R1-S3, 24.4R2
- Vulnerable configuration: forwarding-options sampling enabled
- Both IPv4 and IPv6 traffic can trigger the issue
Vendor Security History
Juniper Networks has previously addressed Denial of Service and resource management vulnerabilities in Junos OS. The company maintains a regular cadence of security advisories and typically provides timely patches and detailed remediation guidance. The SRX series has had other vulnerabilities in the past, but Juniper's response and communication are generally considered prompt and thorough.
