{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52952", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2025-06-23T13:16:01.409Z", "datePublished": "2025-07-11T15:04:35.691Z", "dateUpdated": "2025-07-11T20:10:52.673Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["pfe ukern", "cfmman", "cfmd"], "platforms": ["MX Series with MPC-BUILTIN", "MPC1 through MPC9"], "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "22.2R3-S1", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.4R2", "status": "affected", "version": "22.4", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following minimal configuration is necessary to be present to be potentially exposed to this issue:&nbsp;<br><tt>&nbsp; [protocols oam ethernet connectivity-fault-management enhanced-cfm-mode]</tt><br>"}], "value": "The following minimal configuration is necessary to be present to be potentially exposed to this issue:\u00a0\n\u00a0 [protocols oam ethernet connectivity-fault-management enhanced-cfm-mode]"}], "datePublic": "2025-07-09T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device,&nbsp;leading to an FPC crash and restart, resulting in a Denial of Service (DoS).</p><p>Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.</p>This issue affects Juniper Networks:<br>Junos OS:<br><ul><li>All versions before 22.2R3-S1,</li><li>from 22.4 before 22.4R2.</li></ul>This feature is not enabled by default.<br>"}], "value": "An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device,\u00a0leading to an FPC crash and restart, resulting in a Denial of Service (DoS).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\nJunos OS:\n * All versions before 22.2R3-S1,\n * from 22.4 before 22.4R2.\n\n\nThis feature is not enabled by default."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2025-07-11T15:04:35.691Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA100058"}, {"tags": ["technical-description"], "url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.html"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve these issues:<br>Junos OS: 22.2R3-S1, 22.4R2,&nbsp;23.2R1, and all subsequent releases.<br>"}], "value": "The following software releases have been updated to resolve these issues:\nJunos OS: 22.2R3-S1, 22.4R2,\u00a023.2R1, and all subsequent releases."}], "source": {"advisory": "JSA100058", "defect": ["1726141"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2025-07-09T16:00:00.000Z", "value": "Initial Publication"}], "title": "Junos OS: MX Series with MPC-BUILTIN, MPC 1 through MPC 9: Receipt and processing of a malformed packet causes one or more FPCs to crash", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-11T20:10:43.269996Z", "id": "CVE-2025-52952", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T20:10:52.673Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52952", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-07-11T20:10:43.269996Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-11T20:10:48.637Z"}}], "cna": {"title": "Junos OS: MX Series with MPC-BUILTIN, MPC 1 through MPC 9: Receipt and processing of a malformed packet causes one or more FPCs to crash", "source": {"defect": ["1726141"], "advisory": "JSA100058", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 7.1, "Automatable": "YES", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "modules": ["pfe ukern", "cfmman", "cfmd"], "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "22.2R3-S1", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R2", "versionType": "semver"}], "platforms": ["MX Series with MPC-BUILTIN", "MPC1 through MPC9"], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2025-07-09T16:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve these issues:\nJunos OS: 22.2R3-S1, 22.4R2,\u00a023.2R1, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve these issues:<br>Junos OS: 22.2R3-S1, 22.4R2,&nbsp;23.2R1, and all subsequent releases.<br>", "base64": false}]}], "datePublic": "2025-07-09T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA100058", "tags": ["vendor-advisory"]}, {"url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.html", "tags": ["technical-description"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device,\u00a0leading to an FPC crash and restart, resulting in a Denial of Service (DoS).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\nJunos OS:\n * All versions before 22.2R3-S1,\n * from 22.4 before 22.4R2.\n\n\nThis feature is not enabled by default.", "supportingMedia": [{"type": "text/html", "value": "<p>An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device,&nbsp;leading to an FPC crash and restart, resulting in a Denial of Service (DoS).</p><p>Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.</p>This issue affects Juniper Networks:<br>Junos OS:<br><ul><li>All versions before 22.2R3-S1,</li><li>from 22.4 before 22.4R2.</li></ul>This feature is not enabled by default.<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write"}]}], "configurations": [{"lang": "en", "value": "The following minimal configuration is necessary to be present to be potentially exposed to this issue:\u00a0\n\u00a0 [protocols oam ethernet connectivity-fault-management enhanced-cfm-mode]", "supportingMedia": [{"type": "text/html", "value": "The following minimal configuration is necessary to be present to be potentially exposed to this issue:&nbsp;<br><tt>&nbsp; [protocols oam ethernet connectivity-fault-management enhanced-cfm-mode]</tt><br>", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2025-07-11T15:04:35.691Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52952", "state": "PUBLISHED", "dateUpdated": "2025-07-11T20:10:52.673Z", "dateReserved": "2025-06-23T13:16:01.409Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2025-07-11T15:04:35.691Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Out-of-bounds Write vulnerability in the connectivity fault management (CFM) daemon of Juniper Networks Junos OS on MX Series with MPC-BUILTIN, MPC1 through MPC9 line cards allows an unauthenticated adjacent attacker to send a malformed packet to the device,\u00a0leading to an FPC crash and restart, resulting in a Denial of Service (DoS).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects Juniper Networks:\nJunos OS:\n * All versions before 22.2R3-S1,\n * from 22.4 before 22.4R2.\n\n\nThis feature is not enabled by default."}, {"lang": "es", "value": "Una vulnerabilidad de escritura fuera de los l\u00edmites en el daemon de gesti\u00f3n de fallos de conectividad (CFM) de Juniper Networks Junos OS en la serie MX con tarjetas de l\u00ednea MPC-BUILTIN, MPC1 a MPC9, permite que un atacante adyacente no autenticado env\u00ede un paquete malformado al dispositivo, lo que provoca un bloqueo y reinicio de FPC, lo que resulta en una denegaci\u00f3n de servicio (DoS). La recepci\u00f3n y el procesamiento continuos de este paquete crear\u00e1n una condici\u00f3n de denegaci\u00f3n de servicio (DoS) sostenida. Este problema afecta a Juniper Networks: Sistema operativo Junos: * Todas las versiones anteriores a 22.2R3-S1, * Desde la versi\u00f3n 22.4 hasta la 22.4R2. Esta funci\u00f3n no est\u00e1 habilitada por defecto."}], "id": "CVE-2025-52952", "lastModified": "2025-07-15T13:14:49.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "AUTOMATIC", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2025-07-11T15:15:25.930", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA100058"}, {"source": "sirt@juniper.net", "url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.html"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "sirt@juniper.net", "type": "Primary"}]}

{}