Unauthenticated Attackers can Exploit Two Junos Vulnerabilities to Cause Crashes

Summary: Juniper Networks has issued advisories for two critical vulnerabilities in its Junos OS and Junos OS Evolved systems, emphasizing the need for prompt patch management. The first vulnerability allows unauthenticated attackers to crash the routing protocol daemon (RPD) via malformed BGP packets, while the second leads to kernel memory exhaustion through crafted IPv6 packets, resulting in denial of service. Both vulnerabilities have a high severity rating and require immediate attention from network administrators.

Threat Actor: Unauthenticated attackers
Victim: Juniper Networks users | Juniper Networks

Key points:

  • First vulnerability (CVE-2025-21598) allows unauthenticated attackers to crash RPD by sending malformed BGP packets.
  • Second vulnerability (CVE-2025-21599) causes kernel memory exhaustion through crafted IPv6 packets, leading to DoS.
  • Both vulnerabilities have a CVSSv3 score of 7.5 and require immediate patching to mitigate risks.

Source: https://securityonline.info/unauthenticated-attackers-can-exploit-junos-vulnerabilities-cve-2025-21598-cve-2025-21599/
