#VU121684 NULL pointer dereference in Juniper Junos OS - CVE-2025-60007

 


Published: January 20, 2026


Vulnerability identifier: #VU121684
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2025-60007
CWE-ID: CWE-476
Exploitation vector: Local access
Exploit availability: No public exploit available
Vulnerable software:
Juniper Junos OS
Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the chassis daemon (chassisd). A local user can cause a Denial-of-Service (DoS).

When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart.

As a result, all components in the chassis except the Routing Engine (RE) are reinitialized, causing a complete service outage from which the system recovers automatically.


Remediation

Install updates from the vendor's website.
