Juniper Junos OS Flaw Enables Attackers to Cause DoS Vulnerability

Juniper Networks has disclosed a critical vulnerability in its Junos OS and Junos OS Evolved operating systems that allows unauthenticated adjacent attackers to trigger denial-of-service conditions through malicious BGP UPDATE packets.

The flaw, tracked as CVE-2025-52953, represents an Expected Behavior Violation vulnerability in the routing protocol daemon (rpd) that could enable sustained network disruptions with minimal effort from threat actors.

Technical Details and Attack Vector

The vulnerability stems from improper handling of BGP UPDATE packets within the routing protocol daemon, affecting both internal BGP (iBGP) and external BGP (eBGP) sessions across IPv4 and IPv6 implementations.

When an attacker sends a specially crafted but technically valid BGP UPDATE packet, the flaw causes an immediate BGP session reset, effectively creating a denial-of-service condition.

What makes this vulnerability particularly concerning is its potential for sustained attacks. Continuous transmission of these malicious packets can maintain a persistent DoS state, severely impacting network operations and routing stability.

The attack requires no authentication, though the attacker must be positioned as an adjacent network peer to exploit the vulnerability.

The flaw specifically targets networks configured with IPv6 VPN unicast families, requiring one of three minimal configuration scenarios: neighbor-specific IPv6 VPN unicast settings, group-level IPv6 VPN unicast configurations, or global BGP IPv6 VPN unicast implementations.

Affected Versions and Remediation

The vulnerability affects an extensive range of Junos OS versions, including all releases prior to 21.2R3-S9, as well as multiple version branches spanning the 21.4 through 24.4 series.

Junos OS Evolved systems are similarly affected, with vulnerable versions ranging from all releases before 22.2R3-S7-EVO through the 24.4-EVO series.

Juniper has released comprehensive patches across both operating systems. For Junos OS, fixed versions include 21.2R3-S9, 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases.

Junos OS Evolved users should upgrade to 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, or later versions.

No Available Workarounds

Notably, Juniper Networks has confirmed that no workarounds exist for this vulnerability, making immediate patching the only viable mitigation strategy.

The company’s Security Incident Response Team (SIRT) has assigned this issue the internal ticket number 1855477. It emphasizes that while the vulnerability was discovered during production usage, no malicious exploitation has been observed in the wild.

Organizations running affected Juniper infrastructure should prioritize updating to patched versions, particularly those operating BGP environments with IPv6 VPN unicast configurations, as these represent the primary attack surface for this vulnerability.