SB2025101398 - Improper error handling in Junos OS Evolved on PTX Series

Security Bulletin ID SB2025101398

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Check for Unusual or Exceptional Conditions (CVE-ID: CVE-2025-59958)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.

The vulnerability exists due to improper error handling in the Packet Forwarding Engine (PFE). When an output firewall filter is configured with one or more terms where the action is 'reject', packets matching these terms are erroneously sent to the Routing Engine (RE) and further processed there. Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.

Remediation

Install update from vendor's website.

References

https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958