Junos OS rpd DoS via 'show route as-path' before 21.2R3-S9
CVE-2025-30652 Published on April 9, 2025
Junos OS and Junos OS Evolved: Executing a specific CLI command when asregex-optimized is configured causes an rpd crash
An Improper Handling of Exceptional Conditions vulnerability in routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker executing a CLI command to cause a Denial of Service (DoS).
When asregex-optimized is configured and a specific "show route as-path" CLI command is executed, the rpd crashes and restarts. Repeated execution of this command will cause a sustained DoS condition.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S6,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S4,
* from 24.2 before 24.2R2.
and Junos OS Evolved:
* All versions before 21.2R3-S9-EVO,
* from 21.4-EVO before 21.4R3-S10-EVO,
* from 22.2-EVO before 22.2R3-S6-EVO,
* from 22.4-EVO before 22.4R3-S6-EVO,
* from 23.2-EVO before 23.2R2-S3-EVO,
* from 23.4-EVO before 23.4R2-S4-EVO,
* from 24.2-EVO before 24.2R2-EVO.
Vulnerability Analysis
CVE-2025-30652 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Timeline
Initial Publication
Weakness Type
Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.
Products Associated with CVE-2025-30652
Want to know whenever a new CVE is published for Juniper Networks Junos? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS:- Before 21.2R3-S9 is affected.
- Version 21.4 and below 21.4R3-S10 is affected.
- Version 22.2 and below 22.2R3-S6 is affected.
- Version 22.4 and below 22.4R3-S6 is affected.
- Version 23.2 and below 23.2R2-S3 is affected.
- Version 23.4 and below 23.4R2-S4 is affected.
- Version 24.2 and below 24.2R2 is affected.
- Before 21.2R3-S9-EVO is affected.
- Version 21.4-EVO and below 21.4R3-S10-EVO is affected.
- Version 22.2-EVO and below 22.2R3-S6-EVO is affected.
- Version 22.4-EVO and below 22.4R3-S6-EVO is affected.
- Version 23.2-EVO and below 23.2R2-S3-EVO is affected.
- Version 23.4-EVO and below 23.4R2-S4-EVO is affected.
- Version 24.2-EVO and below 24.2R2-EVO is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.