CVE-2025-52984 - Vulnerability Details

CVE-2025-52984 - Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes

A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S3-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Juniper	Junos Junos Os Evolved
Juniper Networks	Junos Os Junos Os Evolved

Configuration 1 [-]

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:21.2:-::::::
	cpe:2.3:o:juniper:junos:21.2:r1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r2::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s6::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s7::::::
	cpe:2.3:o:juniper:junos:21.2:r3-s8::::::
	cpe:2.3:o:juniper:junos:21.4:-::::::
	cpe:2.3:o:juniper:junos:21.4:r1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r2::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s10::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s7::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s8::::::
	cpe:2.3:o:juniper:junos:21.4:r3-s9::::::
	cpe:2.3:o:juniper:junos:22.2:-::::::
	cpe:2.3:o:juniper:junos:22.2:r1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r2::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s4::::::
	cpe:2.3:o:juniper:junos:22.2:r3-s5::::::
	cpe:2.3:o:juniper:junos:22.4:-::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:23.2:-::::::
	cpe:2.3:o:juniper:junos:23.2:r1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s1::::::
cpe:2.3:o:juniper:junos:23.2:r1-s2::::::
cpe:2.3:o:juniper:junos:23.2:r2::::::
cpe:2.3:o:juniper:junos:23.2:r2-s1::::::
cpe:2.3:o:juniper:junos:23.2:r2-s2::::::
cpe:2.3:o:juniper:junos:23.4:-::::::
cpe:2.3:o:juniper:junos:23.4:r1::::::
cpe:2.3:o:juniper:junos:23.4:r1-s1::::::
cpe:2.3:o:juniper:junos:23.4:r1-s2::::::
cpe:2.3:o:juniper:junos:23.4:r2::::::
cpe:2.3:o:juniper:junos:23.4:r2-s1::::::
cpe:2.3:o:juniper:junos:23.4:r2-s2::::::
cpe:2.3:o:juniper:junos:23.4:r2-s3::::::
cpe:2.3:o:juniper:junos:24.2:-::::::
cpe:2.3:o:juniper:junos:24.2:r1::::::
cpe:2.3:o:juniper:junos:24.2:r1-s1::::::
cpe:2.3:o:juniper:junos:24.2:r2::::::
cpe:2.3:o:juniper:junos_os_evolved::::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:-::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r2::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s3::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s4::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s5::::::
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s6::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:-::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:-::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3::::::
cpe:2.3:o:juniper:junos_os_evolved:24.2:-::::::
cpe:2.3:o:juniper:junos_os_evolved:24.2:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:24.2:r1-s2::::::

No data.

References

Link	Providers
https://supportportal.juniper.net/JSA100090

History

Fri, 23 Jan 2026 17:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Juniper Juniper junos Juniper junos Os Evolved
CPEs		cpe:2.3:o:juniper:junos:::::::: cpe:2.3:o:juniper:junos:21.2:-:::::: cpe:2.3:o:juniper:junos:21.2:r1-s1:::::: cpe:2.3:o:juniper:junos:21.2:r1-s2:::::: cpe:2.3:o:juniper:junos:21.2:r1:::::: cpe:2.3:o:juniper:junos:21.2:r2-s1:::::: cpe:2.3:o:juniper:junos:21.2:r2-s2:::::: cpe:2.3:o:juniper:junos:21.2:r2:::::: cpe:2.3:o:juniper:junos:21.2:r3-s1:::::: cpe:2.3:o:juniper:junos:21.2:r3-s2:::::: cpe:2.3:o:juniper:junos:21.2:r3-s3:::::: cpe:2.3:o:juniper:junos:21.2:r3-s4:::::: cpe:2.3:o:juniper:junos:21.2:r3-s5:::::: cpe:2.3:o:juniper:junos:21.2:r3-s6:::::: cpe:2.3:o:juniper:junos:21.2:r3-s7:::::: cpe:2.3:o:juniper:junos:21.2:r3-s8:::::: cpe:2.3:o:juniper:junos:21.2:r3:::::: cpe:2.3:o:juniper:junos:21.4:-:::::: cpe:2.3:o:juniper:junos:21.4:r1-s1:::::: cpe:2.3:o:juniper:junos:21.4:r1-s2:::::: cpe:2.3:o:juniper:junos:21.4:r1:::::: cpe:2.3:o:juniper:junos:21.4:r2-s1:::::: cpe:2.3:o:juniper:junos:21.4:r2-s2:::::: cpe:2.3:o:juniper:junos:21.4:r2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s10:::::: cpe:2.3:o:juniper:junos:21.4:r3-s1:::::: cpe:2.3:o:juniper:junos:21.4:r3-s2:::::: cpe:2.3:o:juniper:junos:21.4:r3-s3:::::: cpe:2.3:o:juniper:junos:21.4:r3-s4:::::: cpe:2.3:o:juniper:junos:21.4:r3-s5:::::: cpe:2.3:o:juniper:junos:21.4:r3-s6:::::: cpe:2.3:o:juniper:junos:21.4:r3-s7:::::: cpe:2.3:o:juniper:junos:21.4:r3-s8:::::: cpe:2.3:o:juniper:junos:21.4:r3-s9:::::: cpe:2.3:o:juniper:junos:21.4:r3:::::: cpe:2.3:o:juniper:junos:22.2:-:::::: cpe:2.3:o:juniper:junos:22.2:r1-s1:::::: cpe:2.3:o:juniper:junos:22.2:r1-s2:::::: cpe:2.3:o:juniper:junos:22.2:r1:::::: cpe:2.3:o:juniper:junos:22.2:r2-s1:::::: cpe:2.3:o:juniper:junos:22.2:r2-s2:::::: cpe:2.3:o:juniper:junos:22.2:r2:::::: cpe:2.3:o:juniper:junos:22.2:r3-s1:::::: cpe:2.3:o:juniper:junos:22.2:r3-s2:::::: cpe:2.3:o:juniper:junos:22.2:r3-s3:::::: cpe:2.3:o:juniper:junos:22.2:r3-s4:::::: cpe:2.3:o:juniper:junos:22.2:r3-s5:::::: cpe:2.3:o:juniper:junos:22.2:r3:::::: cpe:2.3:o:juniper:junos:22.4:-:::::: cpe:2.3:o:juniper:junos:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos:22.4:r1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos:22.4:r2:::::: cpe:2.3:o:juniper:junos:22.4:r3-s1:::::: cpe:2.3:o:juniper:junos:22.4:r3-s2:::::: cpe:2.3:o:juniper:junos:22.4:r3-s3:::::: cpe:2.3:o:juniper:junos:22.4:r3-s4:::::: cpe:2.3:o:juniper:junos:22.4:r3-s5:::::: cpe:2.3:o:juniper:junos:22.4:r3:::::: cpe:2.3:o:juniper:junos:23.2:-:::::: cpe:2.3:o:juniper:junos:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos:23.2:r1-s2:::::: cpe:2.3:o:juniper:junos:23.2:r1:::::: cpe:2.3:o:juniper:junos:23.2:r2-s1:::::: cpe:2.3:o:juniper:junos:23.2:r2-s2:::::: cpe:2.3:o:juniper:junos:23.2:r2:::::: cpe:2.3:o:juniper:junos:23.4:-:::::: cpe:2.3:o:juniper:junos:23.4:r1-s1:::::: cpe:2.3:o:juniper:junos:23.4:r1-s2:::::: cpe:2.3:o:juniper:junos:23.4:r1:::::: cpe:2.3:o:juniper:junos:23.4:r2-s1:::::: cpe:2.3:o:juniper:junos:23.4:r2-s2:::::: cpe:2.3:o:juniper:junos:23.4:r2-s3:::::: cpe:2.3:o:juniper:junos:23.4:r2:::::: cpe:2.3:o:juniper:junos:24.2:-:::::: cpe:2.3:o:juniper:junos:24.2:r1-s1:::::: cpe:2.3:o:juniper:junos:24.2:r1:::::: cpe:2.3:o:juniper:junos:24.2:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:::::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s4:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s5:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s6:::::: cpe:2.3:o:juniper:junos_os_evolved:22.4:r3:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:-:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:-:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:24.2:-:::::: cpe:2.3:o:juniper:junos_os_evolved:24.2:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:24.2:r1::::::
Vendors & Products		Juniper Juniper junos Juniper junos Os Evolved

Tue, 15 Jul 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics		epss `{'score': 0.0004}`

Fri, 11 Jul 2025 15:30:00 +0000

Type	Values Removed	Values Added
Description		A NULL Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is processed for that static route, rpd crashes and restarts. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R1-S2, 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S3-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO.
Title		Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes
Weaknesses		CWE-476
References		https://supportportal.juniper.net/JSA100090
Metrics		cvssV3_1 `{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H'}` cvssV4_0 `{'score': 8.2, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M'}`

MITRE

Status: PUBLISHED

Assigner: juniper

Published: 2025-07-11T15:09:37.765Z

Updated: 2025-07-15T19:55:22.722Z

Reserved: 2025-06-23T18:23:44.546Z

Link: CVE-2025-52984

Vulnrichment

Updated: 2025-07-11T16:04:50.512Z

NVD

Status : Analyzed

Published: 2025-07-11T16:15:25.697

Modified: 2026-01-23T17:05:16.023

Link: CVE-2025-52984

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact Low

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object