Local DoS via Return-Value Out of Range in Junos OS FileIO (24.4R1-S2)
CVE-2026-57025 Published on July 9, 2026
Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learning' command causes l2ald crash
A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS).
On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific 'show l2-learning' command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted.
This issue affects EX Series, QFX Series, MX Series:
Junos OS:
* all versions before 23.2R2-S7,
* 23.4 versions before 23.4R2-S7,
* 24.2 versions before 24.2R2,
* 24.4 versions before 24.4R1-S2.
Junos OS Evolved:
* all versions before 23.2R2-S7-EVO,
* 23.4 versions before 23.4R2-S8-EVO,
* 24.2 versions before 24.2R2-EVO,
* 24.4 versions before 24.4R1-S3-EVO.
Vulnerability Analysis
CVE-2026-57025 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Weakness Type
Return of Pointer Value Outside of Expected Range
A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.
Products Associated with CVE-2026-57025
stack.watch emails you whenever new vulnerabilities are published in Juniper Networks Junos or Juniper Networks Junos Os Evolved. Just hit a watch button to start following.
Affected Versions
Juniper Networks Junos OS:- Before 23.2R2-S7 is affected.
- Version 23.4 and below 23.4R2-S7 is affected.
- Version 24.2 and below 24.2R2 is affected.
- Version 24.4 and below 24.4R1-S2 is affected.
- Before 23.2R2-S7-EVO is affected.
- Version 23.4 and below 23.4R2-S8-EVO is affected.
- Version 24.2 and below 24.2R2-EVO is affected.
- Version 24.4 and below 24.4R1-S3-EVO is affected.