Memory Leak in RPD of Junos OS (<21.2R3-S9) – DoS via show commands
CVE-2025-52986 Published on July 11, 2025
Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed RPD memory leaks
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device.
When RIB sharding is enabled and a user executes one of several routing related 'show' commands, a certain amount of memory is leaked. When all available memory has been consumed rpd will crash and restart.
The leak can be monitored with the CLI command:
show task memory detail | match task_shard_mgmt_cookie
where the allocated memory in bytes can be seen to continuously increase with each exploitation.
This issue affects:
Junos OS:
* all versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S11,
* 22.2 versions before 22.2R3-S7,
* 22.4 versions before 22.4R3-S7,
* 23.2 versions before 23.2R2-S4,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2,
* 24.4 versions before 24.4R1-S2, 24.4R2;
Junos OS Evolved:
* all versions before 22.2R3-S7-EVO
* 22.4-EVO versions before 22.4R3-S7-EVO,
* 23.2-EVO versions before 23.2R2-S4-EVO,
* 23.4-EVO versions before 23.4R2-S4-EVO,
* 24.2-EVO versions before 24.2R2-EVO,
* 24.4-EVO versions before 24.4R2-EVO.
Vulnerability Analysis
CVE-2025-52986 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
What is a Memory Leak Vulnerability?
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is often triggered by improper handling of malformed data or unexpectedly interrupted sessions. In some languages, developers are responsible for tracking memory allocation and releasing the memory. If there are no more pointers or references to the memory, then it can no longer be tracked and identified for release.
CVE-2025-52986 has been classified to as a Memory Leak vulnerability or weakness.
Products Associated with CVE-2025-52986
Want to know whenever a new CVE is published for Juniper Networks Junos? stack.watch will email you.
Affected Versions
Juniper Networks Junos OS:- Before 21.2R3-S9 is affected.
- Version 21.4 and below 21.4R3-S11 is affected.
- Version 22.2 and below 22.2R3-S7 is affected.
- Version 22.4 and below 22.4R3-S7 is affected.
- Version 23.2 and below 23.2R2-S4 is affected.
- Version 23.4 and below 23.4R2-S4 is affected.
- Version 24.2 and below 24.2R2 is affected.
- Version 24.4 and below 24.4R1-S2, 24.4R2 is affected.
- Before 22.2R3-S7-EVO is affected.
- Version 22.4-EVO and below 22.4R3-S7-EVO is affected.
- Version 23.2-EVO and below 23.2R2-S4-EVO is affected.
- Version 23.4-EVO and below 23.4R2-S4-EVO is affected.
- Version 24.2-EVO and below 24.2R2-EVO is affected.
- Version 24.4-EVO and below 24.4R2-EVO is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.