CVE-2025-60004

An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-Of-Service (DoS). When an affected system receives a specific BGP EVPN update message over an established BGP session, this causes an rpd crash and restart. A BGP EVPN configuration is not necessary to be vulnerable. If peers are not configured to send BGP EVPN updates to a vulnerable device, then this issue can't occur. This issue affects iBGP and eBGP, over IPv4 and IPv6. This issue affects: Junos OS: * 23.4 versions from 23.4R2-S3 before 23.4R2-S5, * 24.2 versions from 24.2R2 before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; Junos OS Evolved: * 23.4-EVO versions from 23.4R2-S2-EVO before 23.4R2-S5-EVO, * 24.2-EVO versions from 24.2R2-EVO before 24.2R2-S1-EVO, * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA103165	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos:23.4:r2-s3::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s4::::::
	cpe:2.3:o:juniper:junos:24.2:r2::::::
	cpe:2.3:o:juniper:junos:24.4:-::::::
	cpe:2.3:o:juniper:junos:24.4:r1::::::
	cpe:2.3:o:juniper:junos:24.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:24.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:24.2:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:24.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:24.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:24.4:r2::::::

History

23 Jan 2026, 19:38

Type	Values Removed	Values Added
CPE		cpe:2.3:o:juniper:junos_os_evolved:24.2:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:24.4:-:::::: cpe:2.3:o:juniper:junos:24.2:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3:::::: cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s2:::::: cpe:2.3:o:juniper:junos_os_evolved:24.4:r2:::::: cpe:2.3:o:juniper:junos:24.4:r1:::::: cpe:2.3:o:juniper:junos:24.4:r2:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2:::::: cpe:2.3:o:juniper:junos:24.4:r1-s2:::::: cpe:2.3:o:juniper:junos:24.4:-:::::: cpe:2.3:o:juniper:junos:23.4:r2-s4:::::: cpe:2.3:o:juniper:junos_os_evolved:24.4:r1:::::: cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s4:::::: cpe:2.3:o:juniper:junos:23.4:r2-s3::::::
References	~~() https://supportportal.juniper.net/JSA103165 -~~	() https://supportportal.juniper.net/JSA103165 - Vendor Advisory
First Time		Juniper junos Juniper Juniper junos Os Evolved

09 Oct 2025, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-10-09 17:16

Updated : 2026-01-23 19:38

NVD link : CVE-2025-60004

Mitre link : CVE-2025-60004

CVE.ORG link : CVE-2025-60004

JSON object : View

Products Affected

juniper

junos_os_evolved
junos

CWE

CWE-754

Improper Check for Unusual or Exceptional Conditions

7.5 /10