SecurityWeek

Juniper Networks Patches Dozens of Junos Vulnerabilities

Juniper Networks has patched two dozen vulnerabilities in Junos OS and Junos OS Evolved, and dozens of flaws in Junos Space third-party dependencies.

Juniper Networks on Wednesday announced patches for dozens of vulnerabilities in Junos OS, Junos OS Evolved, and in third-party dependencies in Junos Space.

Fixes were rolled out for 11 high-severity bugs in Junos OS, at least one of which also impacts Junos OS Evolved. Successful exploitation of these flaws could lead to denial-of-service (DoS) conditions.

The security defects were identified in Junos OS components such as packet forwarding engine (pfe), flow daemon (flowd), routing protocol daemon (rpd), Anti-Virus processing, flexible PIC concentrator (FPC), jdhcpd daemon, web management interfaces, and syslog stream TCP transport.

Some of these only impact specific Juniper devices, such as EX Series, MX Series, or SRX Series. Software updates were released for all impacted products, the company says.

The company also released fixes for 10 medium-severity vulnerabilities in Junos OS and Junos OS Evolved, most of which could lead to DoS conditions.

One of the flaws, however, could allow a local, authenticated attacker with access to the command-line interface to obtain sensitive information.

On Wednesday, Juniper also announced the release of Junos Space version 24.1R3 with fixes for nearly 50 vulnerabilities in third-party software. Some of these flaws are rated ‘critical severity’.

Junos Space Security Director version 24.1R3 was also released with fixes for security defects in third-party dependencies, as was CTP View version 9.2R1.

For most vulnerabilities, the company makes no mention of in-the-wild exploitation, while for others it specifically notes that it is not aware of malicious attacks targeting them. Additional information can be found on Juniper’s support portal page.

Additionally, the company updated a March 2025 advisory for CVE-2025-21590, an improper isolation or compartmentalization vulnerability in Junos OS’s kernel that could be exploited by attackers with access to the shell to inject arbitrary code and compromise the device.

The update clarifies that, while Junos OS updates that resolve the bug have been released, certain devices will receive the necessary fixes in future platform iterations.

“At least one instance of malicious exploitation has been reported to the Juniper SIRT. Customers are encouraged to upgrade to a fixed release as soon as it’s available and in the meantime take steps to mitigate this vulnerability,” Juniper’s advisory reads.

Related: Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers

Related: Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS

Related: Juniper Warns of Mirai Botnet Targeting Session Smart Routers

Related: Juniper Networks Patches Dozens of Vulnerabilities

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
