cvelistv5 - cve-2025-52986

CVE-2025-52986 (GCVE-0-2025-52986)

Vulnerability from cvelistv5

Published

2025-07-11 15:10

Modified

2025-07-15 19:55

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M

CWE

CWE-401 - Missing Release of Memory after Effective Lifetime

Summary

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart. The leak can be monitored with the CLI command: show task memory detail | match task_shard_mgmt_cookie where the allocated memory in bytes can be seen to continuously increase with each exploitation. This issue affects: Junos OS: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S11, * 22.2 versions before 22.2R3-S7, * 22.4 versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2, 24.4R2; Junos OS Evolved: * all versions before 22.2R3-S7-EVO * 22.4-EVO versions before 22.4R3-S7-EVO, * 23.2-EVO versions before 23.2R2-S4-EVO, * 23.4-EVO versions before 23.4R2-S4-EVO, * 24.2-EVO versions before 24.2R2-EVO, * 24.4-EVO versions before 24.4R2-EVO.

References

►

URL

Tags

sirt@juniper.net

https://supportportal.juniper.net/JSA100092

Impacted products

Vendor

Product

Version

►

Juniper Networks

Junos OS

Version: 0   ≤
Version: 21.4   ≤
Version: 22.2   ≤
Version: 22.4   ≤
Version: 23.2   ≤
Version: 23.4   ≤
Version: 24.2   ≤
Version: 24.4   ≤

Juniper Networks

Junos OS Evolved

Version: 0   ≤
Version: 22.4-EVO   ≤
Version: 23.2-EVO   ≤
Version: 23.4-EVO   ≤
Version: 24.2-EVO   ≤
Version: 24.4-EVO   ≤

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52986",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-11T16:04:38.323609Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-15T19:55:10.352Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "21.2R3-S9",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S11",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S7",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S7",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S4",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S4",
              "status": "affected",
              "version": "23.4",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2",
              "status": "affected",
              "version": "24.2",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R1-S2, 24.4R2",
              "status": "affected",
              "version": "24.4",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.2R3-S7-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R3-S7-EVO",
              "status": "affected",
              "version": "22.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-S4-EVO",
              "status": "affected",
              "version": "23.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S4-EVO",
              "status": "affected",
              "version": "23.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-EVO",
              "status": "affected",
              "version": "24.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R2-EVO",
              "status": "affected",
              "version": "24.4-EVO",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be exposed to this issue a system needs to be configured with RIB sharding:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system processes routing bgp \n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003erib-sharding \u003c/span\u003e\n\n]\u003c/tt\u003e"
            }
          ],
          "value": "To be exposed to this issue a system needs to be configured with RIB sharding:\n\n[ system processes routing bgp \n\nrib-sharding \n\n]"
        }
      ],
      "datePublic": "2025-07-09T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.\u003cbr\u003e\u003cbr\u003eWhen RIB sharding is enabled and a user executes one of several routing related \u0027show\u0027 commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.\u003cbr\u003e\u003cbr\u003eThe leak can be monitored with the CLI command:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u003c/tt\u003e\n\n\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eshow task memory detail | match task_shard_mgmt_cookie\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\n\n\u003cbr\u003ewhere the allocated memory in bytes can be seen to continuously increase with each exploitation.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S11,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S7,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S7,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S2, 24.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.2R3-S7-EVO\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e23.2-EVO versions before 23.2R2-S4-EVO,\u003c/li\u003e\u003cli\u003e23.4-EVO versions before 23.4R2-S4-EVO,\u003c/li\u003e\u003cli\u003e24.2-EVO versions before 24.2R2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e24.4-EVO versions before 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
            }
          ],
          "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.\n\nWhen RIB sharding is enabled and a user executes one of several routing related \u0027show\u0027 commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.\n\nThe leak can be monitored with the CLI command:\n\n\n\nshow task memory detail | match task_shard_mgmt_cookie\n\n\n\nwhere the allocated memory in bytes can be seen to continuously increase with each exploitation.\n\n\n\nThis issue affects:\n\nJunos OS:\n\n  *  all versions before 21.2R3-S9,\n  *  21.4 versions before 21.4R3-S11,\n  *  22.2 versions before 22.2R3-S7,\n  *  22.4 versions before 22.4R3-S7,\n  *  23.2 versions before 23.2R2-S4,\u00a0\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2,\n  *  24.4 versions before 24.4R1-S2, 24.4R2;\n\n\nJunos OS Evolved:\n\n  *  all versions before 22.2R3-S7-EVO\n  *  22.4-EVO versions before 22.4R3-S7-EVO,\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\n  *  23.4-EVO versions before 23.4R2-S4-EVO,\n  *  24.2-EVO versions before 24.2R2-EVO,\u00a0\n  *  24.4-EVO versions before 24.4R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-11T15:10:20.934Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA100092"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R2-EVO, 25.2R1-EVO,\u0026nbsp;and all subsequent releases;\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases."
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R2-EVO, 25.2R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 21.2R3-S9, 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA100092",
        "defect": [
          "1856054"
        ],
        "discovery": "INTERNAL"
      },
      "title": "Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e"
            }
          ],
          "value": "Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-52986",
    "datePublished": "2025-07-11T15:10:20.934Z",
    "dateReserved": "2025-06-23T18:23:44.546Z",
    "dateUpdated": "2025-07-15T19:55:10.352Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-52986\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2025-07-11T16:15:26.020\",\"lastModified\":\"2025-07-15T13:14:49.980\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.\\n\\nWhen RIB sharding is enabled and a user executes one of several routing related \u0027show\u0027 commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.\\n\\nThe leak can be monitored with the CLI command:\\n\\n\\n\\nshow task memory detail | match task_shard_mgmt_cookie\\n\\n\\n\\nwhere the allocated memory in bytes can be seen to continuously increase with each exploitation.\\n\\n\\n\\nThis issue affects:\\n\\nJunos OS:\\n\\n  *  all versions before 21.2R3-S9,\\n  *  21.4 versions before 21.4R3-S11,\\n  *  22.2 versions before 22.2R3-S7,\\n  *  22.4 versions before 22.4R3-S7,\\n  *  23.2 versions before 23.2R2-S4,\u00a0\\n  *  23.4 versions before 23.4R2-S4,\\n  *  24.2 versions before 24.2R2,\\n  *  24.4 versions before 24.4R1-S2, 24.4R2;\\n\\n\\nJunos OS Evolved:\\n\\n  *  all versions before 22.2R3-S7-EVO\\n  *  22.4-EVO versions before 22.4R3-S7-EVO,\\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\\n  *  23.4-EVO versions before 23.4R2-S4-EVO,\\n  *  24.2-EVO versions before 24.2R2-EVO,\u00a0\\n  *  24.4-EVO versions before 24.4R2-EVO.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de falta de liberaci\u00f3n de memoria tras el tiempo de vida \u00fatil efectivo en el daemon del protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un usuario local con pocos privilegios afecte la disponibilidad del dispositivo. Cuando se habilita la fragmentaci\u00f3n RIB y un usuario ejecuta uno de los varios comandos \\\"show\\\" relacionados con el enrutamiento, se pierde cierta cantidad de memoria. Cuando se consume toda la memoria disponible, rpd se bloquea y se reinicia. La p\u00e9rdida se puede monitorizar con el comando de la CLI: show task memory detail | match task_shard_mgmt_cookie, donde se observa que la memoria asignada en bytes aumenta continuamente con cada explotaci\u00f3n. Este problema afecta a: Junos OS: * todas las versiones anteriores a 21.2R3-S9, * versiones 21.4 anteriores a 21.4R3-S11, * versiones 22.2 anteriores a 22.2R3-S7, * versiones 22.4 anteriores a 22.4R3-S7, * versiones 23.2 anteriores a 23.2R2-S4, * versiones 23.4 anteriores a 23.4R2-S4, * versiones 24.2 anteriores a 24.2R2, * versiones 24.4 anteriores a 24.4R1-S2, 24.4R2; Junos OS Evolved: * todas las versiones anteriores a 22.2R3-S7-EVO * versiones 22.4-EVO anteriores a 22.4R3-S7-EVO, * versiones 23.2-EVO anteriores a 23.2R2-S4-EVO, * versiones 23.4-EVO anteriores a 23.4R2-S4-EVO, * versiones 24.2-EVO anteriores a 24.2R2-EVO, * versiones 24.4-EVO anteriores a 24.4R2-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"AUTOMATIC\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-401\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA100092\",\"source\":\"sirt@juniper.net\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52986\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-07-11T16:04:38.323609Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-07-11T16:04:39.481Z\"}}], \"cna\": {\"title\": \"Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks\", \"source\": {\"defect\": [\"1856054\"], \"advisory\": \"JSA100092\", \"discovery\": \"INTERNAL\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.5, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"AUTOMATIC\", \"baseScore\": 6.8, \"Automatable\": \"YES\", \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"LOW\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"21.2R3-S9\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"21.4\", \"lessThan\": \"21.4R3-S11\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.2\", \"lessThan\": \"22.2R3-S7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4\", \"lessThan\": \"22.4R3-S7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R2-S4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4\", \"lessThan\": \"23.4R2-S4\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.2\", \"lessThan\": \"24.2R2\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.4\", \"lessThan\": \"24.4R1-S2, 24.4R2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS Evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"22.2R3-S7-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"22.4-EVO\", \"lessThan\": \"22.4R3-S7-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2-EVO\", \"lessThan\": \"23.2R2-S4-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4-EVO\", \"lessThan\": \"23.4R2-S4-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.2-EVO\", \"lessThan\": \"24.2R2-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.4-EVO\", \"lessThan\": \"24.4R2-EVO\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue:\\nJunos OS Evolved: 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R2-EVO, 25.2R1-EVO,\\u00a0and all subsequent releases;\\nJunos OS: 21.2R3-S9, 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R2-EVO, 25.2R1-EVO,\u0026nbsp;and all subsequent releases;\u003cbr\u003eJunos OS: 21.2R3-S9, 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases.\", \"base64\": false}]}], \"datePublic\": \"2025-07-09T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA100092\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Use access lists or firewall filters to limit access to the CLI only from trusted hosts and administrators.\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.\\n\\nWhen RIB sharding is enabled and a user executes one of several routing related \u0027show\u0027 commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.\\n\\nThe leak can be monitored with the CLI command:\\n\\n\\n\\nshow task memory detail | match task_shard_mgmt_cookie\\n\\n\\n\\nwhere the allocated memory in bytes can be seen to continuously increase with each exploitation.\\n\\n\\n\\nThis issue affects:\\n\\nJunos OS:\\n\\n  *  all versions before 21.2R3-S9,\\n  *  21.4 versions before 21.4R3-S11,\\n  *  22.2 versions before 22.2R3-S7,\\n  *  22.4 versions before 22.4R3-S7,\\n  *  23.2 versions before 23.2R2-S4,\\u00a0\\n  *  23.4 versions before 23.4R2-S4,\\n  *  24.2 versions before 24.2R2,\\n  *  24.4 versions before 24.4R1-S2, 24.4R2;\\n\\n\\nJunos OS Evolved:\\n\\n  *  all versions before 22.2R3-S7-EVO\\n  *  22.4-EVO versions before 22.4R3-S7-EVO,\\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\\n  *  23.4-EVO versions before 23.4R2-S4-EVO,\\n  *  24.2-EVO versions before 24.2R2-EVO,\\u00a0\\n  *  24.4-EVO versions before 24.4R2-EVO.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.\u003cbr\u003e\u003cbr\u003eWhen RIB sharding is enabled and a user executes one of several routing related \u0027show\u0027 commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.\u003cbr\u003e\u003cbr\u003eThe leak can be monitored with the CLI command:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u003c/tt\u003e\\n\\n\u003ctt\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eshow task memory detail | match task_shard_mgmt_cookie\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\\n\\n\u003cbr\u003ewhere the allocated memory in bytes can be seen to continuously increase with each exploitation.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u003c/li\u003e\u003cli\u003e21.4 versions before 21.4R3-S11,\u003c/li\u003e\u003cli\u003e22.2 versions before 22.2R3-S7,\u003c/li\u003e\u003cli\u003e22.4 versions before 22.4R3-S7,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S2, 24.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.2R3-S7-EVO\u003c/li\u003e\u003cli\u003e22.4-EVO versions before 22.4R3-S7-EVO,\u003c/li\u003e\u003cli\u003e23.2-EVO versions before 23.2R2-S4-EVO,\u003c/li\u003e\u003cli\u003e23.4-EVO versions before 23.4R2-S4-EVO,\u003c/li\u003e\u003cli\u003e24.2-EVO versions before 24.2R2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003e24.4-EVO versions before 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-401\", \"description\": \"CWE-401 Missing Release of Memory after Effective Lifetime\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"To be exposed to this issue a system needs to be configured with RIB sharding:\\n\\n[ system processes routing bgp \\n\\nrib-sharding \\n\\n]\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"To be exposed to this issue a system needs to be configured with RIB sharding:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system processes routing bgp \\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003erib-sharding \u003c/span\u003e\\n\\n]\u003c/tt\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2025-07-11T15:10:20.934Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-52986\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-07-15T19:55:10.352Z\", \"dateReserved\": \"2025-06-23T18:23:44.546Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2025-07-11T15:10:20.934Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2025-52986

Vulnerability from fkie_nvd

Published

2025-07-11 16:15

Modified

2025-07-15 13:14

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

▶	URL	Tags
	sirt@juniper.net	https://supportportal.juniper.net/JSA100092

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.\n\nWhen RIB sharding is enabled and a user executes one of several routing related \u0027show\u0027 commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.\n\nThe leak can be monitored with the CLI command:\n\n\n\nshow task memory detail | match task_shard_mgmt_cookie\n\n\n\nwhere the allocated memory in bytes can be seen to continuously increase with each exploitation.\n\n\n\nThis issue affects:\n\nJunos OS:\n\n  *  all versions before 21.2R3-S9,\n  *  21.4 versions before 21.4R3-S11,\n  *  22.2 versions before 22.2R3-S7,\n  *  22.4 versions before 22.4R3-S7,\n  *  23.2 versions before 23.2R2-S4,\u00a0\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2,\n  *  24.4 versions before 24.4R1-S2, 24.4R2;\n\n\nJunos OS Evolved:\n\n  *  all versions before 22.2R3-S7-EVO\n  *  22.4-EVO versions before 22.4R3-S7-EVO,\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\n  *  23.4-EVO versions before 23.4R2-S4-EVO,\n  *  24.2-EVO versions before 24.2R2-EVO,\u00a0\n  *  24.4-EVO versions before 24.4R2-EVO."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de falta de liberaci\u00f3n de memoria tras el tiempo de vida \u00fatil efectivo en el daemon del protocolo de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite que un usuario local con pocos privilegios afecte la disponibilidad del dispositivo. Cuando se habilita la fragmentaci\u00f3n RIB y un usuario ejecuta uno de los varios comandos \"show\" relacionados con el enrutamiento, se pierde cierta cantidad de memoria. Cuando se consume toda la memoria disponible, rpd se bloquea y se reinicia. La p\u00e9rdida se puede monitorizar con el comando de la CLI: show task memory detail | match task_shard_mgmt_cookie, donde se observa que la memoria asignada en bytes aumenta continuamente con cada explotaci\u00f3n. Este problema afecta a: Junos OS: * todas las versiones anteriores a 21.2R3-S9, * versiones 21.4 anteriores a 21.4R3-S11, * versiones 22.2 anteriores a 22.2R3-S7, * versiones 22.4 anteriores a 22.4R3-S7, * versiones 23.2 anteriores a 23.2R2-S4, * versiones 23.4 anteriores a 23.4R2-S4, * versiones 24.2 anteriores a 24.2R2, * versiones 24.4 anteriores a 24.4R1-S2, 24.4R2; Junos OS Evolved: * todas las versiones anteriores a 22.2R3-S7-EVO * versiones 22.4-EVO anteriores a 22.4R3-S7-EVO, * versiones 23.2-EVO anteriores a 23.2R2-S4-EVO, * versiones 23.4-EVO anteriores a 23.4R2-S4-EVO, * versiones 24.2-EVO anteriores a 24.2R2-EVO, * versiones 24.4-EVO anteriores a 24.4R2-EVO."
    }
  ],
  "id": "CVE-2025-52986",
  "lastModified": "2025-07-15T13:14:49.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "sirt@juniper.net",
        "type": "Primary"
      }
    ],
    "cvssMetricV40": [
      {
        "cvssData": {
          "Automatable": "YES",
          "Recovery": "AUTOMATIC",
          "Safety": "NOT_DEFINED",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "attackVector": "LOCAL",
          "availabilityRequirement": "NOT_DEFINED",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityRequirement": "NOT_DEFINED",
          "exploitMaturity": "NOT_DEFINED",
          "integrityRequirement": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedSubAvailabilityImpact": "NOT_DEFINED",
          "modifiedSubConfidentialityImpact": "NOT_DEFINED",
          "modifiedSubIntegrityImpact": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
          "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
          "modifiedVulnIntegrityImpact": "NOT_DEFINED",
          "privilegesRequired": "LOW",
          "providerUrgency": "NOT_DEFINED",
          "subAvailabilityImpact": "LOW",
          "subConfidentialityImpact": "NONE",
          "subIntegrityImpact": "NONE",
          "userInteraction": "NONE",
          "valueDensity": "NOT_DEFINED",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
          "version": "4.0",
          "vulnAvailabilityImpact": "HIGH",
          "vulnConfidentialityImpact": "NONE",
          "vulnIntegrityImpact": "NONE",
          "vulnerabilityResponseEffort": "MODERATE"
        },
        "source": "sirt@juniper.net",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-11T16:15:26.020",
  "references": [
    {
      "source": "sirt@juniper.net",
      "url": "https://supportportal.juniper.net/JSA100092"
    }
  ],
  "sourceIdentifier": "sirt@juniper.net",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "sirt@juniper.net",
      "type": "Primary"
    }
  ]
}

ghsa-mfrf-wpm5-gv78

Vulnerability from github

Published

2025-07-11 18:30

Modified

2025-07-11 18:30

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.8 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M

Details

When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.

The leak can be monitored with the CLI command:

show task memory detail | match task_shard_mgmt_cookie

where the allocated memory in bytes can be seen to continuously increase with each exploitation.

This issue affects:

Junos OS:

all versions before 21.2R3-S9,
21.4 versions before 21.4R3-S11,
22.2 versions before 22.2R3-S7,
22.4 versions before 22.4R3-S7,
23.2 versions before 23.2R2-S4,
23.4 versions before 23.4R2-S4,
24.2 versions before 24.2R2,
24.4 versions before 24.4R1-S2, 24.4R2;

Junos OS Evolved:

all versions before 22.2R3-S7-EVO
22.4-EVO versions before 22.4R3-S7-EVO,
23.2-EVO versions before 23.2R2-S4-EVO,
23.4-EVO versions before 23.4R2-S4-EVO,
24.2-EVO versions before 24.2R2-EVO,
24.4-EVO versions before 24.4R2-EVO.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-52986"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-07-11T16:15:26Z",
    "severity": "MODERATE"
  },
  "details": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.\n\nWhen RIB sharding is enabled and a user executes one of several routing related \u0027show\u0027 commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.\n\nThe leak can be monitored with the CLI command:\n\n\n\nshow task memory detail | match task_shard_mgmt_cookie\n\n\n\nwhere the allocated memory in bytes can be seen to continuously increase with each exploitation.\n\n\n\nThis issue affects:\n\nJunos OS:\n\n  *  all versions before 21.2R3-S9,\n  *  21.4 versions before 21.4R3-S11,\n  *  22.2 versions before 22.2R3-S7,\n  *  22.4 versions before 22.4R3-S7,\n  *  23.2 versions before 23.2R2-S4,\u00a0\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2,\n  *  24.4 versions before 24.4R1-S2, 24.4R2;\n\n\nJunos OS Evolved:\n\n  *  all versions before 22.2R3-S7-EVO\n  *  22.4-EVO versions before 22.4R3-S7-EVO,\n  *  23.2-EVO versions before 23.2R2-S4-EVO,\n  *  23.4-EVO versions before 23.4R2-S4-EVO,\n  *  24.2-EVO versions before 24.2R2-EVO,\u00a0\n  *  24.4-EVO versions before 24.4R2-EVO.",
  "id": "GHSA-mfrf-wpm5-gv78",
  "modified": "2025-07-11T18:30:33Z",
  "published": "2025-07-11T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52986"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA100092"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X",
      "type": "CVSS_V4"
    }
  ]
}

wid-sec-w-2025-1519

Vulnerability from csaf_certbund

Published

2025-07-09 22:00

Modified

2025-07-13 22:00

Summary

Juniper JUNOS: Mehrere Schwachstellen ermöglichen Privilegieneskalation

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

JUNOS ist das "Juniper Network Operating System", das in Juniper Appliances verwendet wird. Die Juniper MX-Serie ist eine Produktfamilie von Routern. SRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper. Juniper Security Director ermöglicht die Verwaltung und Kontrolle von Sicherheitsrichtlinien für lokale Infrastrukturen über eine zentrale, webbasierte Benutzeroberfläche.

Angriff

Ein entfernter Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper MX Series, Juniper SRX Series und Juniper Security Director ausnutzen, um Daten zu manipulieren oder offenzulegen, Sicherheitsmaßnahmen zu umgehen, Code auszuführen, einen Denial of Service zu verursachen oder seine Privilegien zu erweitern.

Betroffene Betriebssysteme

- Juniper Appliance

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "JUNOS ist das \"Juniper Network Operating System\", das in Juniper Appliances verwendet wird.\r\nDie Juniper MX-Serie ist eine Produktfamilie von Routern.\r\nSRX Series Services Gateways ist ein Next-Generation Anti-Threat Firewall von Juniper.\r\nJuniper Security Director erm\u00f6glicht die Verwaltung und Kontrolle von Sicherheitsrichtlinien f\u00fcr lokale Infrastrukturen \u00fcber eine zentrale, webbasierte Benutzeroberfl\u00e4che.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter Angreifer kann mehrere Schwachstellen in Juniper JUNOS, Juniper MX Series, Juniper SRX Series und Juniper Security Director ausnutzen, um Daten zu manipulieren oder offenzulegen, Sicherheitsma\u00dfnahmen zu umgehen, Code auszuf\u00fchren, einen Denial of Service zu verursachen oder seine Privilegien zu erweitern.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Juniper Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1519 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-1519.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1519 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1519"
      },
      {
        "category": "external",
        "summary": "Juniper Security Advisories vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sortCriteria=date%20descending\u0026f-sf_primarysourcename=Knowledge\u0026f-sf_articletype=Security%20Advisories\u0026numberOfResults=30"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2024-3596 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Vulnerability-in-the-RADIUS-protocol-for-Subscriber-Management-Blast-RADIUS-CVE-2024-3596"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-26466-resolved-in-9-3R2-release vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-CTPView-OpenSSH-vulnerability-CVE-2025-26466-resolved-in-9-3R2-release"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-30661 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Low-privileged-user-can-cause-script-to-run-as-root-leading-to-privilege-escalation-CVE-2025-30661"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52946 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-traceoptions-enabled-receipt-of-malformed-AS-PATH-causes-RPD-crash-CVE-2025-52946"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52947 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-ACX-Series-When-hot-standby-mode-is-configured-for-an-L2-circuit-interface-flap-causes-the-FEB-to-crash"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52948 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Specific-unknown-traffic-pattern-causes-FPC-and-system-to-crash-when-packet-capturing-is-enabled-CVE-2025-52948"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52949 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-environment-receipt-of-a-specifically-malformed-BGP-update-causes-RPD-crash-CVE-2025-52949"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52950 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-multiple-endpoints-in-web-interface-CVE-2025-52950"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52951 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-IPv6-firewall-filter-fails-to-match-payload-protocol-CVE-2025-52951"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52952 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC-BUILTIN-MPC-1-through-MPC-9-Receipt-and-processing-of-a-malformed-packet-causes-one-or-more-FPCs-to-crash-CVE-2025-52952"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52953 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-unauthenticated-adjacent-attacker-sending-a-valid-BGP-UPDATE-packet-forces-a-BGP-session-reset-CVE-2025-52953"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52954 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-A-low-privileged-user-can-execute-CLI-commands-and-modify-the-configuration-compromise-the-system-CVE-2025-52954"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52955 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-When-jflow-sflow-is-enabled-receipt-of-specific-route-updates-causes-rpd-crash-CVE-2025-52955"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52958 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-route-validation-is-enabled-BGP-connection-establishment-failure-causes-RPD-crash-CVE-2025-52958"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52963 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-A-low-privileged-user-can-disable-an-interface-CVE-2025-52963"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52964 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-BGP-UPDATE-causes-an-rpd-crash-on-devices-with-BGP-multipath-configured-CVE-2025-52964"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52980 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX300-Series-Upon-receiving-a-specific-valid-BGP-UPDATE-message-rpd-will-crash-CVE-2025-52980"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52981 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2025-52981"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52982 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-MX-Series-When-specific-SIP-packets-are-processed-the-MS-MPC-will-crash-CVE-2025-52982"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52983 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-After-removing-ssh-public-key-authentication-root-can-still-log-in-CVE-2025-52983"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52984 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-a-static-route-points-to-an-unreachable-next-hop-and-a-gNMI-query-for-this-route-is-processed-RPD-crashes-CVE-2025-52984"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52985 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-When-a-control-plane-firewall-filter-refers-to-a-prefix-list-with-more-then-10-entries-it-s-not-matching-CVE-2025-52985"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52986 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-RIB-sharding-is-configured-each-time-a-show-command-is-executed-RPD-memory-leaks-CVE-2025-52986"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52988 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Privilege-escalation-via-CLI-command-request-system-logout-CVE-2025-52988"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-52989 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Annotate-configuration-command-can-be-used-for-privilege-escalation-CVE-2025-52989"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin CVE-2025-6549 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-J-Web-can-be-exposed-on-additional-interfaces-CVE-2025-6549"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin VU#199397 vom 2025-07-09",
        "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-for-Insecure-Implementation-of-Tunneling-Protocols-GRE-IPIP-4in6-6in4-VU-199397"
      }
    ],
    "source_lang": "en-US",
    "title": "Juniper JUNOS: Mehrere Schwachstellen erm\u00f6glichen Privilegieneskalation",
    "tracking": {
      "current_release_date": "2025-07-13T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-14T06:25:13.449+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1519",
      "initial_release_date": "2025-07-09T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-07-09T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-13T22:00:00.000+00:00",
          "number": "2",
          "summary": "Referenz(en) aufgenommen: EUVD-2025-21162, EUVD-2025-21161, EUVD-2025-21160, EUVD-2025-21158, EUVD-2025-21157, EUVD-2025-21165, EUVD-2025-21167, EUVD-2025-21156, EUVD-2025-21155, EUVD-2025-21166, EUVD-2025-21163"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Juniper JUNOS",
                "product": {
                  "name": "Juniper JUNOS",
                  "product_id": "T032362",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Evolved",
                "product": {
                  "name": "Juniper JUNOS Evolved",
                  "product_id": "T042696",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:evolved"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JUNOS"
          },
          {
            "category": "product_name",
            "name": "Juniper MX Series",
            "product": {
              "name": "Juniper MX Series",
              "product_id": "918766",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:mx:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper SRX Series",
            "product": {
              "name": "Juniper SRX Series",
              "product_id": "T045305",
              "product_identification_helper": {
                "cpe": "cpe:/h:juniper:srx_service_gateways:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Juniper Security Director",
            "product": {
              "name": "Juniper Security Director",
              "product_id": "T045307",
              "product_identification_helper": {
                "cpe": "cpe:/a:juniper:security_director:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-3596",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2024-3596"
    },
    {
      "cve": "CVE-2025-26466",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-26466"
    },
    {
      "cve": "CVE-2025-30661",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-30661"
    },
    {
      "cve": "CVE-2025-52946",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52946"
    },
    {
      "cve": "CVE-2025-52947",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52947"
    },
    {
      "cve": "CVE-2025-52948",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52948"
    },
    {
      "cve": "CVE-2025-52949",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52949"
    },
    {
      "cve": "CVE-2025-52950",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52950"
    },
    {
      "cve": "CVE-2025-52951",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52951"
    },
    {
      "cve": "CVE-2025-52952",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52952"
    },
    {
      "cve": "CVE-2025-52953",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52953"
    },
    {
      "cve": "CVE-2025-52954",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52954"
    },
    {
      "cve": "CVE-2025-52955",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52955"
    },
    {
      "cve": "CVE-2025-52958",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52958"
    },
    {
      "cve": "CVE-2025-52963",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52963"
    },
    {
      "cve": "CVE-2025-52964",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52964"
    },
    {
      "cve": "CVE-2025-52980",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52980"
    },
    {
      "cve": "CVE-2025-52981",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52981"
    },
    {
      "cve": "CVE-2025-52982",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52982"
    },
    {
      "cve": "CVE-2025-52983",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52983"
    },
    {
      "cve": "CVE-2025-52984",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52984"
    },
    {
      "cve": "CVE-2025-52985",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52985"
    },
    {
      "cve": "CVE-2025-52986",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52986"
    },
    {
      "cve": "CVE-2025-52988",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52988"
    },
    {
      "cve": "CVE-2025-52989",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-52989"
    },
    {
      "cve": "CVE-2025-6549",
      "product_status": {
        "known_affected": [
          "T042696",
          "T045305",
          "T045307",
          "918766",
          "T032362"
        ]
      },
      "release_date": "2025-07-09T22:00:00.000+00:00",
      "title": "CVE-2025-6549"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-52986 (GCVE-0-2025-52986)

Vulnerability from cvelistv5

fkie_cve-2025-52986

Vulnerability from fkie_nvd

ghsa-mfrf-wpm5-gv78

Vulnerability from github

wid-sec-w-2025-1519

Vulnerability from csaf_certbund

Tags

Sightings

Nomenclature