Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS

Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS and its third-party components.

Juniper Networks kicked off 2025 with security updates that address dozens of vulnerabilities in the Junos OS platform, including multiple high-severity bugs.

Patches were released last week to resolve a high-severity out-of-bounds read flaw in the routing protocol daemon (RPD) of Junos OS and Junos OS Evolved that could lead to denial-of-service (DoS) when processing a malformed BGP packet.

Tracked as CVE-2025-21598, the issue affects systems that have packet receive trace options enabled and “can propagate and multiply through multiple ASes until reaching vulnerable devices”, Juniper says.

As a workaround, users should disable packet tracing options. To detect potential compromises, they should look for malformed update messages in neighboring AS devices that are not affected.

The security updates also patch CVE-2025-21599, a high-severity security defect in the Juniper Tunnel Driver (JTD) of Junos OS Evolved that could be exploited over the network, without authentication, to cause a DoS condition.

“Receipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and DoS. Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained DoS condition,” Juniper explains.

The company also released fixes for two high-severity vulnerabilities in OpenSSH used in Junos OS and Junos OS Evolved, tracked as CVE-2024-6387, which is known as regreSSHion, and CVE-2024-39894.

Last week, Juniper also announced that Junos Space 24.1R2 was released with patches for nearly 60 flaws in third-party components, including critical-severity issues in Expat (libexpat), a stream-oriented XML parser library.

Patches were also rolled out for multiple medium-severity bugs in Junos OS and Junos OS Evolved that could lead to DoS conditions and the disclosure of sensitive information.

None of these vulnerabilities appear to be exploited in the wild, but users are advised to apply the available patches as soon as possible, as it is not uncommon for threat actors to target Junos OS flaws. Additional information can be found on Juniper Networks’ security advisories page.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
