Juniper Junos OS Hit by Critical BGP Use-After-Free Vulnerability (CVE-2025-52946)

A critical Use After Free vulnerability in Juniper's Junos OS and Junos OS Evolved allows attackers to crash routing protocol daemons via malformed BGP updates, causing sustained denial-of-service conditions.

ZeroPath Security Research

2025-07-11

Introduction

Network stability is once again under threat with a critical vulnerability identified in Juniper Networks' Junos OS and Junos OS Evolved. CVE-2025-52946, a Use After Free flaw, allows attackers to crash the routing protocol daemon (rpd) through specifically malformed BGP updates, potentially causing sustained denial-of-service (DoS) conditions. Given the widespread deployment of Juniper hardware in critical infrastructure, the implications of this vulnerability are severe and demand immediate attention.

Technical Information

The vulnerability is rooted in improper memory handling within the routing protocol daemon (rpd) when processing BGP updates containing malformed AS PATH attributes. Specifically, the flaw manifests when BGP traceoptions are enabled, causing a use-after-free condition upon receipt of a maliciously crafted AS PATH attribute. This results in the rpd process crashing and restarting. Continuous exploitation leads to a sustained denial-of-service condition, severely impacting network operations.

Attack Vector and Exploitation

Successful exploitation requires:

  • BGP traceoptions enabled.
  • An established BGP session.
  • Receipt of a specifically malformed AS PATH attribute within a BGP update.

The vulnerability does not affect systems without traceoptions enabled, limiting its scope but not its potential impact.

Patch Information

Juniper Networks has addressed CVE-2025-52946 by releasing updated versions of Junos OS and Junos OS Evolved. Administrators should upgrade immediately to:

  • Junos OS:

    • Versions 21.2R3-S9 and later
    • Versions 22.2R3-S6 and later
    • Versions 22.4R3-S5 and later
    • Versions 23.2R2-S3 and later
    • Versions 23.4R2-S4 and later
    • Versions 24.2R2 and later
  • Junos OS Evolved:

    • Versions 22.4R3-S5-EVO and later
    • Versions 23.2R2-S3-EVO and later
    • Versions 23.4R2-S4-EVO and later
    • Versions 24.2R2-EVO and later

Consult the official Juniper Networks security advisory for detailed instructions on obtaining and applying these updates.

Detection Methods

Detecting exploitation involves monitoring for unexpected crashes of the rpd process. Indicators of compromise include:

  • Frequent rpd process crashes.
  • Unexplained BGP session resets or instability.

Administrators should regularly review system logs and employ network monitoring solutions to detect anomalies indicative of exploitation attempts.

Affected Systems and Versions

  • Junos OS:

    • All versions before 21.2R3-S9
    • All versions of 21.4
    • Versions 22.2 before 22.2R3-S6
    • Versions 22.4 before 22.4R3-S5
    • Versions 23.2 before 23.2R2-S3
    • Versions 23.4 before 23.4R2-S4
    • Versions 24.2 before 24.2R2
  • Junos OS Evolved:

    • All versions before 22.4R3-S5-EVO
    • Versions 23.2-EVO before 23.2R2-S3-EVO
    • Versions 23.4-EVO before 23.4R2-S4-EVO
    • Versions 24.2-EVO before 24.2R2-EVO
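
An added example, not from the original page or from Juniper: a Python check that applies the affected and fixed release lists above to a release string and looks for BGP traceoptions in `show configuration | display set` output. The version-string shape, the function names and the sample configuration are assumptions; release trains the page does not list are reported as not-listed rather than guessed.

```python
import re

# Fixed (R, S) level per release train, copied from the page's lists.
FIXED = {
    "junos": {"21.2": (3, 9), "22.2": (3, 6), "22.4": (3, 5),
              "23.2": (2, 3), "23.4": (2, 4), "24.2": (2, 0)},
    "evo": {"22.4": (3, 5), "23.2": (2, 3), "23.4": (2, 4), "24.2": (2, 0)},
}
NO_FIX_TRAINS = {"junos": {"21.4"}, "evo": set()}  # "All versions of 21.4"
# Assumed version shape: <train>R<n>[-S<n>][.<build>][-EVO]
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.I)
# BGP traceoptions at any hierarchy level of "display set" output.
TRACE_RE = re.compile(r"^set (?:\S.* )?protocols bgp (?:\S.* )?traceoptions(?: |$)")


def classify(version):
    """Return 'affected', 'fixed' or 'not-listed' for a release string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, rel, svc, evo = m.groups()
    platform = "evo" if evo else "junos"
    train, level = f"{int(major)}.{int(minor)}", (int(rel), int(svc or 0))
    if train in NO_FIX_TRAINS[platform]:
        return "affected"
    if train in FIXED[platform]:
        return "fixed" if level >= FIXED[platform][train] else "affected"
    oldest = min(tuple(map(int, t.split("."))) for t in FIXED[platform])
    # "All versions before" the oldest fixed release covers earlier trains.
    return "affected" if (int(major), int(minor)) < oldest else "not-listed"


def bgp_trace_lines(config_set_lines):
    """Lines that configure BGP traceoptions (the first precondition)."""
    return [l.strip() for l in config_set_lines if TRACE_RE.match(l.strip())]


def exposed(version, config_set_lines):
    """True when the release is affected and BGP traceoptions are set."""
    return classify(version) == "affected" and bool(bgp_trace_lines(config_set_lines))


# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = [
    "set protocols bgp group EBGP neighbor 192.0.2.1 peer-as 64500",
    "set protocols bgp group EBGP traceoptions flag update",
    "set protocols ospf traceoptions flag hello",
]
if __name__ == "__main__":
    print({v: classify(v) for v in ("22.4R3-S4.1", "22.4R3-S5", "24.4R1")})
```

A device is flagged only when both conditions hold, matching the page's statement that systems without traceoptions enabled are not affected.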

Stay vigilant and ensure your network infrastructure remains secure by promptly applying the recommended updates and monitoring for exploitation attempts.

Source: This report was created using AI
