CVE-2025-52960 - Vulnerability Details

CVE-2025-52960 - Junos OS: SRX Series and MX Series: Receipt of specific SIP packets in a high utilization situation causes a flowd/mspmand crash

A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When memory utilization is high, and specific SIP packets are received, flowd/mspmand crashes. While the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attackers control, so they would not be able to deterministically exploit this. This issue affects Junos OS on SRX Series and MX Series: * All versions before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Juniper	Junos Junos Os Mx10004 Mx10008 Mx2008 Mx2010 Mx2020 Mx204 Mx240 Mx304 Mx480 Mx960 Srx1500 Srx1600 Srx2300 Srx300 Srx320 Srx340 Srx345 Srx380 Srx4100 Srx4120 Srx4200 Srx4300 Srx4600 Srx4700 Srx5400 Srx5600 Srx5800

Configuration 1 [-]

AND

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:22.4:-::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:23.2:-::::::
	cpe:2.3:o:juniper:junos:23.2:r1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:23.2:r2::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s3::::::
	cpe:2.3:o:juniper:junos:23.4:-::::::
	cpe:2.3:o:juniper:junos:23.4:r1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:23.4:r2::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s3::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s4::::::
	cpe:2.3:o:juniper:junos:24.2:-::::::
	cpe:2.3:o:juniper:junos:24.2:r1::::::
	cpe:2.3:o:juniper:junos:24.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:24.2:r1-s2::::::

OR	cpe:2.3:h:juniper:mx10004:-:::::::*
	cpe:2.3:h:juniper:mx10008:-:::::::*
	cpe:2.3:h:juniper:mx2008:-:::::::*
	cpe:2.3:h:juniper:mx2010:-:::::::*
	cpe:2.3:h:juniper:mx2020:-:::::::*
	cpe:2.3:h:juniper:mx204:-:::::::*
	cpe:2.3:h:juniper:mx240:-:::::::*
	cpe:2.3:h:juniper:mx304:-:::::::*
	cpe:2.3:h:juniper:mx480:-:::::::*
	cpe:2.3:h:juniper:mx960:-:::::::*
	cpe:2.3:h:juniper:srx1500:-:::::::*
	cpe:2.3:h:juniper:srx1600:-:::::::*
	cpe:2.3:h:juniper:srx2300:-:::::::*
	cpe:2.3:h:juniper:srx300:-:::::::*
	cpe:2.3:h:juniper:srx320:-:::::::*
	cpe:2.3:h:juniper:srx340:-:::::::*
	cpe:2.3:h:juniper:srx345:-:::::::*
	cpe:2.3:h:juniper:srx380:-:::::::*
	cpe:2.3:h:juniper:srx4100:-:::::::*
	cpe:2.3:h:juniper:srx4120:-:::::::*
	cpe:2.3:h:juniper:srx4200:-:::::::*
	cpe:2.3:h:juniper:srx4300:-:::::::*
	cpe:2.3:h:juniper:srx4600:-:::::::*
	cpe:2.3:h:juniper:srx4700:-:::::::*
	cpe:2.3:h:juniper:srx5400:-:::::::*
	cpe:2.3:h:juniper:srx5600:-:::::::*
	cpe:2.3:h:juniper:srx5800:-:::::::*

No data.

References

Link	Providers
https://kb.juniper.net/JSA103143
https://supportportal.juniper.net/JSA103143

History

Fri, 23 Jan 2026 18:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper junos Juniper mx10004 Juniper mx10008 Juniper mx2008 Juniper mx2010 Juniper mx2020 Juniper mx204 Juniper mx240 Juniper mx304 Juniper mx480 Juniper mx960 Juniper srx1500 Juniper srx1600 Juniper srx2300 Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx345 Juniper srx380 Juniper srx4100 Juniper srx4120 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5400 Juniper srx5600 Juniper srx5800
CPEs		cpe:2.3:h:juniper:mx10004:-:::::::* cpe:2.3:h:juniper:mx10008:-:::::::* cpe:2.3:h:juniper:mx2008:-:::::::* cpe:2.3:h:juniper:mx2010:-:::::::* cpe:2.3:h:juniper:mx2020:-:::::::* cpe:2.3:h:juniper:mx204:-:::::::* cpe:2.3:h:juniper:mx240:-:::::::* cpe:2.3:h:juniper:mx304:-:::::::* cpe:2.3:h:juniper:mx480:-:::::::* cpe:2.3:h:juniper:mx960:-:::::::* cpe:2.3:h:juniper:srx1500:-:::::::* cpe:2.3:h:juniper:srx1600:-:::::::* cpe:2.3:h:juniper:srx2300:-:::::::* cpe:2.3:h:juniper:srx300:-:::::::* cpe:2.3:h:juniper:srx320:-:::::::* cpe:2.3:h:juniper:srx340:-:::::::* cpe:2.3:h:juniper:srx345:-:::::::* cpe:2.3:h:juniper:srx380:-:::::::* cpe:2.3:h:juniper:srx4100:-:::::::* cpe:2.3:h:juniper:srx4120:-:::::::* cpe:2.3:h:juniper:srx4200:-:::::::* cpe:2.3:h:juniper:srx4300:-:::::::* cpe:2.3:h:juniper:srx4600:-:::::::* cpe:2.3:h:juniper:srx4700:-:::::::* cpe:2.3:h:juniper:srx5400:-:::::::* cpe:2.3:h:juniper:srx5600:-:::::::* cpe:2.3:h:juniper:srx5800:-:::::::* cpe:2.3:o:juniper:junos:::::::: cpe:2.3:o:juniper:junos:22.4:-:::::: cpe:2.3:o:juniper:junos:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos:22.4:r1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos:22.4:r2:::::: cpe:2.3:o:juniper:junos:22.4:r3-s1:::::: cpe:2.3:o:juniper:junos:22.4:r3-s2:::::: cpe:2.3:o:juniper:junos:22.4:r3-s3:::::: cpe:2.3:o:juniper:junos:22.4:r3-s4:::::: cpe:2.3:o:juniper:junos:22.4:r3-s5:::::: cpe:2.3:o:juniper:junos:22.4:r3-s6:::::: cpe:2.3:o:juniper:junos:22.4:r3:::::: cpe:2.3:o:juniper:junos:23.2:-:::::: cpe:2.3:o:juniper:junos:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos:23.2:r1-s2:::::: cpe:2.3:o:juniper:junos:23.2:r1:::::: cpe:2.3:o:juniper:junos:23.2:r2-s1:::::: cpe:2.3:o:juniper:junos:23.2:r2-s2:::::: cpe:2.3:o:juniper:junos:23.2:r2-s3:::::: cpe:2.3:o:juniper:junos:23.2:r2:::::: cpe:2.3:o:juniper:junos:23.4:-:::::: cpe:2.3:o:juniper:junos:23.4:r1-s1:::::: cpe:2.3:o:juniper:junos:23.4:r1-s2:::::: cpe:2.3:o:juniper:junos:23.4:r1:::::: cpe:2.3:o:juniper:junos:23.4:r2-s1:::::: cpe:2.3:o:juniper:junos:23.4:r2-s2:::::: cpe:2.3:o:juniper:junos:23.4:r2-s3:::::: cpe:2.3:o:juniper:junos:23.4:r2-s4:::::: cpe:2.3:o:juniper:junos:23.4:r2:::::: cpe:2.3:o:juniper:junos:24.2:-:::::: cpe:2.3:o:juniper:junos:24.2:r1-s1:::::: cpe:2.3:o:juniper:junos:24.2:r1-s2:::::: cpe:2.3:o:juniper:junos:24.2:r1::::::
Vendors & Products		Juniper junos Juniper mx10004 Juniper mx10008 Juniper mx2008 Juniper mx2010 Juniper mx2020 Juniper mx204 Juniper mx240 Juniper mx304 Juniper mx480 Juniper mx960 Juniper srx1500 Juniper srx1600 Juniper srx2300 Juniper srx300 Juniper srx320 Juniper srx340 Juniper srx345 Juniper srx380 Juniper srx4100 Juniper srx4120 Juniper srx4200 Juniper srx4300 Juniper srx4600 Juniper srx4700 Juniper srx5400 Juniper srx5600 Juniper srx5800

Mon, 01 Dec 2025 09:00:00 +0000

Type	Values Removed	Values Added
Description	A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When memory utilization is high, and specific SIP packets are received, flowd crashes. While the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attackers control, so they would not be able to deterministically exploit this. This issue affects Junos OS on SRX Series and MX Series: * All versions before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2.	A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When memory utilization is high, and specific SIP packets are received, flowd/mspmand crashes. While the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attackers control, so they would not be able to deterministically exploit this. This issue affects Junos OS on SRX Series and MX Series: * All versions before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2.
Title	Junos OS: SRX Series and MX Series: Receipt of specific SIP packets in a high utilization situation causes a flowd crash	Junos OS: SRX Series and MX Series: Receipt of specific SIP packets in a high utilization situation causes a flowd/mspmand crash
References		https://kb.juniper.net/JSA103143

Fri, 10 Oct 2025 11:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Juniper junos Os
Vendors & Products		Juniper Juniper junos Os

Thu, 09 Oct 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 09 Oct 2025 16:00:00 +0000

Type	Values Removed	Values Added
Description		A Buffer Copy without Checking Size of Input vulnerability in the Session Initialization Protocol (SIP) ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When memory utilization is high, and specific SIP packets are received, flowd crashes. While the system recovers automatically, the disruption can significantly impact service stability. Continuous receipt of these specific SIP packets, while high utilization is present, will cause a sustained DoS condition. The utilization is outside the attackers control, so they would not be able to deterministically exploit this. This issue affects Junos OS on SRX Series and MX Series: * All versions before 22.4R3-S7, * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2.
Title		Junos OS: SRX Series and MX Series: Receipt of specific SIP packets in a high utilization situation causes a flowd crash
Weaknesses		CWE-120
References		https://supportportal.juniper.net/JSA103143
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M'}`

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2025-10-09T15:40:20.193Z

Updated: 2025-12-01T08:41:51.806Z

Reserved: 2025-06-23T13:17:37.424Z

Link: CVE-2025-52960

Vulnrichment

Updated: 2025-10-09T19:43:34.236Z

NVD

Status : Analyzed

Published: 2025-10-09T16:15:45.033

Modified: 2026-01-23T18:34:26.870

Link: CVE-2025-52960

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object