CVE-2025-52952
📋 TL;DR
An out-of-bounds write vulnerability in Juniper Junos OS CFM daemon allows unauthenticated adjacent attackers to crash FPC cards by sending malformed packets, causing denial of service. This affects MX Series routers with specific MPC line cards running vulnerable Junos OS versions. The CFM feature must be enabled for exploitation.
💻 Affected Systems
- Juniper Networks Junos OS on MX Series routers
📦 What is this software?
Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
Learn more about Junos →⚠️ Risk & Real-World Impact
Worst Case
Sustained DoS condition with repeated FPC crashes, disrupting all network traffic through affected routers and potentially causing cascading network failures.
Likely Case
Intermittent FPC crashes causing temporary network outages until manual intervention or automatic restart completes.
If Mitigated
No impact if CFM is disabled or proper network segmentation prevents adjacent attackers from reaching vulnerable interfaces.
🎯 Exploit Status
Exploitation requires sending malformed CFM packets to vulnerable interface from adjacent network position.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 22.2R3-S1 or 22.4R2 and later
Vendor Advisory: https://supportportal.juniper.net/JSA100058
Restart Required: Yes
Instructions:
1. Download appropriate Junos OS version from Juniper support portal. 2. Install using 'request system software add' command. 3. Reboot device after installation completes.
🔧 Temporary Workarounds
Disable CFM feature
allDisable Connectivity Fault Management feature if not required
delete protocols oam ethernet connectivity-fault-management
Restrict CFM access
allApply firewall filters to limit CFM packet sources
set firewall family ethernet-switching filter BLOCK-CFM term 1 from protocol cfm
set firewall family ethernet-switching filter BLOCK-CFM term 1 then discard
🧯 If You Can't Patch
- Disable CFM protocol entirely if not required for network operations
- Implement strict network segmentation to prevent adjacent attackers from reaching vulnerable interfaces
🔍 How to Verify
Check if Vulnerable:
Check Junos OS version with 'show version' and verify CFM configuration with 'show configuration protocols oam ethernet connectivity-fault-management'Check Version:
show version | match JunosVerify Fix Applied:
Verify Junos OS version is 22.2R3-S1 or higher, or 22.4R2 or higher with 'show version'📡 Detection & Monitoring
Log Indicators:
- FPC crash messages in system logs
- CFM protocol errors
- Unexpected FPC restarts
Network Indicators:
- Malformed CFM packets on network
- Unusual CFM traffic patterns
SIEM Query:
source="junos" AND ("FPC crash" OR "CFM error" OR "kernel panic")