CVE-2025-59967

{"id": "CVE-2025-59967", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "sirt@juniper.net", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 7.1, "Automatable": "YES", "attackVector": "ADJACENT", "baseSeverity": "HIGH", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "HIGH", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-10-09T16:15:46.647", "references": [{"url": "https://supportportal.juniper.net/JSA103156", "tags": ["Vendor Advisory"], "source": "sirt@juniper.net"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "sirt@juniper.net", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A NULL Pointer Dereference vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7024,\u00a0ACX7024X,\u00a0ACX7100-32C,\u00a0ACX7100-48L,\u00a0ACX7348,\u00a0ACX7509 devices allows an unauthenticated, adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\nWhenever specific valid multicast traffic is received on any layer 3 interface the evo-pfemand process crashes and restarts.\n\nContinued receipt of specific valid multicast traffic\u00a0results in a sustained Denial of Service (DoS) attack. \nThis issue affects Junos OS Evolved on ACX7024, ACX7024X,\u00a0ACX7100-32C, ACX7100-48L, ACX7348, ACX7509:\u00a0\n\n\n\n * from 23.2R2-EVO before 23.2R2-S4-EVO,\u00a0\n * from 23.4R1-EVO before 23.4R2-EVO.\n\n\nThis issue affects IPv4 and IPv6. \n\nThis issue does not affect Junos OS Evolved ACX7024, ACX7024X,\u00a0ACX7100-32C, ACX7100-48L, ACX7348, ACX7509\u00a0versions before 23.2R2-EVO."}], "lastModified": "2026-01-23T18:37:28.230", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4BB6910-B994-45FD-8153-5EC00EE842E6"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D657944B-2066-4F2C-BC92-EDF4DE1C165C"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "75A58924-6348-44CF-AB39-1FCE17FE81AC"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A903B31-D9E5-43FA-B09F-7E7769803720"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE777A1F-9CD9-426E-AF1C-FBE01EB9A4A8"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7147BA60-30A5-4CED-9AAF-F6BEA0528B89"}, {"criteria": "cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E5CE59B-14B2-4F4C-81B5-0430EC954956"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:juniper:acx7024:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "1026737F-BA23-4550-9030-EA0502E97953"}, {"criteria": "cpe:2.3:h:juniper:acx7024x:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FFFD74C-7BF9-4EAF-B364-356A8393712D"}, {"criteria": "cpe:2.3:h:juniper:acx7100-32c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6FF19E76-F26B-4111-A814-BA7E5C3F2A74"}, {"criteria": "cpe:2.3:h:juniper:acx7100-48l:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F48C7E15-C23D-4E2D-9A1B-C314383C8C32"}, {"criteria": "cpe:2.3:h:juniper:acx7348:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E5D2688-2C0D-4064-8B8F-343A7C604966"}, {"criteria": "cpe:2.3:h:juniper:acx7509:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B50EC358-F551-4F2B-9DA1-61B6412AB957"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "sirt@juniper.net"}