Junos OS rpd DoS via BGP UPDATE with pause-computation-during-churn (v<23.4R2)
CVE-2025-52964 Published on July 11, 2025
Junos OS and Junos OS Evolved: Receipt of a specific BGP UPDATE causes an rpd crash on devices with BGP multipath configured
A Reachable Assertion vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
When the device receives a specific BGP UPDATE packet, the rpd crashes and restarts. Continuous receipt of this specific packet will cause a sustained DoS condition.
For the issue to occur, BGP multipath with "pause-computation-during-churn" must be configured on the device, and the attacker must send the paths via a BGP UPDATE from a established BGP peer.
This issue affects:
Junos OS:
* All versions before 21.4R3-S7,
* from 22.3 before 22.3R3-S3,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R2.
Junos OS Evolved:
* All versions before 21.4R3-S7-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S5-EVO,
* from 23.2 before 23.2R2-EVO,
* from 23.4 before 23.4R2-EVO.
Vulnerability Analysis
Weakness Type
What is an assertion failure Vulnerability?
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
CVE-2025-52964 has been classified to as an assertion failure vulnerability or weakness.
Products Associated with CVE-2025-52964
Want to know whenever a new CVE is published for Juniper Networks Junos? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS:- Before 21.4R3-S7 is affected.
- Version 22.3 and below 22.3R3-S3 is affected.
- Version 22.4 and below 22.4R3-S5 is affected.
- Version 23.2 and below 23.2R2 is affected.
- Version 23.4 and below 23.4R2 is affected.
- Version 22.1 and below 22.1* is affected.
- Version 22.2 and below 22.2* is affected.
- Before 21.4R3-S7-EVO is affected.
- Version 22.3 and below 22.3R3-S3-EVO is affected.
- Version 22.4 and below 22.4R3-S5-EVO is affected.
- Version 23.2 and below 23.2R2-EVO is affected.
- Version 23.4 and below 23.4R2-EVO is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.