Main Vulnerability Database Vulnerabilities #VU116938

#VU116938 Improper Check for Unusual or Exceptional Conditions in Junos OS Evolved - CVE-2025-59958

Published: October 13, 2025

Vulnerability identifier: #VU116938

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-59958

CWE-ID: CWE-754

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Junos OS Evolved

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack or gain access to sensitive information.

The vulnerability exists due to improper error handling in the Packet Forwarding Engine (PFE). When an output firewall filter is configured with one or more terms where the action is 'reject', packets matching these terms are erroneously sent to the Routing Engine (RE) and further processed there. Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958

#VU116938 Improper Check for Unusual or Exceptional Conditions in Junos OS Evolved - CVE-2025-59958

Description

Remediation

External links

Please verify you're human