Main Vulnerability Database Vulnerabilities #VU116940

#VU116940 Resource exhaustion in Junos OS Evolved - CVE-2025-52961

Published: October 13, 2025

Vulnerability identifier: #VU116940

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-52961

CWE-ID: CWE-400

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Junos OS Evolved

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control for consumption of internal resources in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman). A remote attacker on the local network can trigger resource exhaustion by sending specialy crafted traffic and perform a denial of service (DoS) attack.

The vulnerability affects the following platforms: PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961

#VU116940 Resource exhaustion in Junos OS Evolved - CVE-2025-52961

Description

Remediation

External links

Please verify you're human