CVE-2025-21598
📋 TL;DR
An out-of-bounds read vulnerability in Juniper Junos OS and Junos OS Evolved routing protocol daemon (rpd) allows unauthenticated attackers to crash the daemon by sending malformed BGP packets when packet receive trace options are enabled. This affects devices with BGP sessions established and can propagate through multiple autonomous systems. Both iBGP and eBGP sessions are vulnerable across IPv4 and IPv6.
💻 Affected Systems
- Juniper Junos OS
- Juniper Junos OS Evolved
📦 What is this software?
Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
⚠️ Risk & Real-World Impact
Worst Case
Complete denial of service for routing services, potentially causing network-wide outages and traffic blackholing across multiple autonomous systems.
Likely Case
rpd crashes leading to routing instability, BGP session flaps, and potential traffic disruption until rpd restarts automatically or manually.
If Mitigated
Limited to devices with packet receive trace options enabled; without this configuration, the vulnerability cannot be triggered.
🎯 Exploit Status
Exploitation requires sending specially crafted BGP packets to devices with specific trace options enabled. The vulnerability can propagate through BGP updates across multiple autonomous systems.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Junos OS: 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2-S1, 24.2R1-S1, 24.2R2. Junos OS Evolved: corresponding EVO versions.
Vendor Advisory: https://supportportal.juniper.net/JSA92867
Restart Required: No
Instructions:
1. Check current version with 'show version'.
2. Download appropriate patch from Juniper support.
3. Apply patch following Juniper upgrade procedures.
4. Verify fix with version check and monitoring.
🔧 Temporary Workarounds
Disable packet receive trace options
Remove or disable packet receive trace options from BGP configuration to prevent exploitation.
delete protocols bgp traceoptions packet receive
commit
Implement BGP filtering
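Use BGP route policies and prefix lists to filter potentially malformed updates from untrusted peers. As written, the policy below matches every route learned via BGP, so applying it as an import policy rejects all routes from that group, and the TRUSTED_PEERS prefix list is defined but never referenced by the policy; adapt the match conditions before committing.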
set policy-options prefix-list TRUSTED_PEERS apply-path 'protocols bgp group <group-name> neighbor <peer-ip>'
set policy-options policy-statement FILTER_MALFORMED term REJECT from protocol bgp
set policy-options policy-statement FILTER_MALFORMED term REJECT then reject
set protocols bgp group <group-name> import FILTER_MALFORMED
commit
🧯 If You Can't Patch
- Disable packet receive trace options on all BGP sessions immediately.
- Implement strict BGP filtering and peer authentication to block malformed packets from untrusted sources.
🔍 How to Verify
Check if Vulnerable:
Check if running affected version with 'show version' and verify BGP traceoptions configuration with 'show configuration protocols bgp traceoptions'.
Check Version:
show version
Verify Fix Applied:
Verify version is patched with 'show version' and confirm no crashes in logs with 'show log messages | match rpd'.
📡 Detection & Monitoring
Log Indicators:
- rpd[<pid>]: Received malformed update from <IP address> (External AS <AS#>)
- rpd[<pid>]: Malformed Attribute
- rpd crash messages in system logs
Network Indicators:
- Unexpected BGP session resets
- Increased BGP update traffic from specific peers
- Routing instability across multiple devices
SIEM Query:
source="junos_logs" AND ("malformed update" OR "Malformed Attribute" OR "rpd crash")
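Added example (not part of the original advisory or any Juniper tooling): a small log triage script that applies the log indicators above to syslog text and groups malformed-update events by device and peer, for IPv4 and IPv6 peers alike. The sample lines are constructed, the syslog prefix layout, the "Internal AS" variant and the `threshold` parameter are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines (not captured from a real device).
SAMPLE_LOG = """\
Jan 14 10:02:11 edge1 rpd[2301]: Received malformed update from 192.0.2.10 (External AS 64500)
Jan 14 10:02:11 edge1 rpd[2301]: Malformed Attribute
Jan 14 10:02:40 edge1 rpd[2301]: Received malformed update from 192.0.2.10 (External AS 64500)
Jan 14 10:03:05 edge1 rpd[2301]: Received malformed update from 2001:db8::1 (External AS 64501)
Jan 14 10:03:06 edge1 mgd[4410]: UI_COMMIT: User 'ops' requested 'commit' operation
"""

# Message shape taken from the page's log indicators; accepting "Internal" for
# iBGP peers is an assumption, since the page only shows the "External" form.
MALFORMED_UPDATE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\srpd\[\d+\]:\s"
    r"Received malformed update from (?P<peer>[0-9A-Fa-f:.]+) "
    r"\((?:External|Internal) AS (?P<asn>\d+)\)"
)
MALFORMED_ATTR = re.compile(r"\srpd\[\d+\]:\sMalformed Attribute\b")

def summarize(log_text):
    """Group malformed-update events by (host, peer) and count attribute errors."""
    peers = defaultdict(lambda: {"asn": None, "count": 0, "first": None, "last": None})
    attr_errors = 0
    for line in log_text.splitlines():
        m = MALFORMED_UPDATE.match(line)
        if m:
            entry = peers[(m["host"], m["peer"])]
            entry["asn"] = int(m["asn"])
            entry["count"] += 1
            entry["first"] = entry["first"] or m["ts"]  # keep earliest timestamp
            entry["last"] = m["ts"]
        elif MALFORMED_ATTR.search(line):
            attr_errors += 1
    return dict(peers), attr_errors

def peers_over_threshold(log_text, threshold=2):
    """Return (host, peer) keys with at least `threshold` malformed updates."""
    peers, _ = summarize(log_text)
    return sorted(k for k, v in peers.items() if v["count"] >= threshold)

if __name__ == "__main__":
    peers, attr_errors = summarize(SAMPLE_LOG)
    for (host, peer), info in sorted(peers.items()):
        print(host, peer, info)
    print("Malformed Attribute lines:", attr_errors)
```

Peers returned by `peers_over_threshold` are the ones to correlate with BGP session resets on the same device.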