SecurityWeek

Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS

Juniper Networks has patched multiple high-severity vulnerabilities in Junos OS and its third-party components.

Juniper Networks kicked off 2025 with security updates that address dozens of vulnerabilities in the Junos OS platform, including multiple high-severity bugs.

Patches were released last week to resolve a high-severity out-of-bounds read flaw in the routing protocol daemon (RPD) of Junos OS and Junos OS Evolved that could lead to denial-of-service (DoS) when processing a malformed BGP packet.

Tracked as CVE-2025-21598, the issue affects systems that have packet receive trace options enabled and “can propagate and multiply through multiple ASes until reaching vulnerable devices”, Juniper says.

As a workaround, users should disable packet tracing options. To detect potential compromises, they should look for malformed update messages in neighboring AS devices that are not affected.

The security updates also patch CVE-2025-21599, a high-severity security defect in the Juniper Tunnel Driver (JTD) of Junos OS Evolved that could be exploited over the network, without authentication, to cause a DoS condition.

“Receipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and DoS. Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained DoS condition,” Juniper explains.

The company also released fixes for two high-severity vulnerabilities in OpenSSH used in Junos OS and Junos OS Evolved, tracked as CVE-2024-6387, which is known as regreSSHion, and CVE-2024-39894.

Last week, Juniper also announced that Junos Space 24.1R2 was released with patches for nearly 60 flaws in third-party components, including critical-severity issues in Expat (libexpat), a stream-oriented XML parser library.

Patches were also rolled out for multiple medium-severity bugs in Junos OS and Junos OS Evolved that could lead to DoS conditions and the disclosure of sensitive information.

None of these vulnerabilities appear to be exploited in the wild, but users are advised to apply the available patches as soon as possible, as it is not uncommon for threat actors to target Junos OS flaws. Additional information can be found on Juniper Networks’ security advisories page.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
