CVE-2025-59964
📋 TL;DR
An uninitialized resource vulnerability in Juniper SRX4700 devices with forwarding-options sampling enabled allows unauthenticated network attackers to cause FPC line card crashes by sending traffic to the Routing Engine. This creates a denial-of-service condition affecting both IPv4 and IPv6 traffic. Only SRX4700 devices running specific Junos OS versions are affected.
💻 Affected Systems
- Juniper Networks SRX4700
📦 What is this software?
Junos by Juniper
Junos OS is Juniper Networks' flagship network operating system running on enterprise routers, switches, security appliances, and data center infrastructure worldwide. Deployed across telecommunications providers, ISPs, cloud service providers, financial institutions, and large enterprises, Junos po...
⚠️ Risk & Real-World Impact
Worst Case
Sustained DoS condition rendering the SRX4700's Packet Forwarding Engine line card unusable, disrupting all network traffic through the device.
Likely Case
Intermittent FPC crashes and restarts causing network instability and packet loss when sampling is enabled and traffic reaches the RE.
If Mitigated
No impact if sampling is disabled or the device is not exposed to untrusted traffic.
🎯 Exploit Status
Attack requires no authentication and minimal technical skill to execute once the target is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Junos OS 24.4R1-S3 or later
Vendor Advisory: https://supportportal.juniper.net/JSA103153
Restart Required: Yes
Instructions:
1. Download Junos OS 24.4R1-S3 or later from the Juniper support portal.
2. Upload the image to the SRX4700.
3. Install it using the 'request system software add' command.
4. Reboot the device after installation.
🔧 Temporary Workarounds
Disable forwarding-options sampling
Disables the vulnerable sampling feature that triggers the FPC crash.
delete forwarding-options sampling
🧯 If You Can't Patch
- Disable forwarding-options sampling configuration
- Implement strict access controls to limit traffic reaching the Routing Engine from untrusted sources
🔍 How to Verify
Check if Vulnerable:
Check whether the device is running an affected version with 'show version' and verify that sampling is enabled with 'show configuration forwarding-options sampling'.
Check Version:
show version | match Junos
Verify Fix Applied:
After patching, verify that the version is 24.4R1-S3 or later with 'show version' and test by sending traffic to the RE with sampling enabled.
📡 Detection & Monitoring
Log Indicators:
- FPC crash messages in system logs
- Line card restart events
- Increased sampling-related errors
Network Indicators:
- Sudden traffic drops through SRX4700
- Increased packet loss to destinations behind the firewall
SIEM Query:
device_vendor:"Juniper" AND device_model:"SRX4700" AND (log_message:"FPC crash" OR log_message:"line card restart")
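As an added check for the verification and detection steps above (example code written for this page, not Juniper's or the advisory's own), the script below compares a 'show version' line against the 24.4R1-S3 fix version, treats non-empty 'show configuration forwarding-options sampling' output as sampling enabled, and scans syslog lines for the FPC-crash and line-card-restart indicators listed above. The device output and log lines are constructed samples, and the log patterns assume the advisory's wording rather than exact Junos message formats.

```python
import re

FIXED_VERSION = "24.4R1-S3"   # fix version named in the advisory

# Constructed samples (not real device output): a 'show version | match Junos'
# line, the body of 'show configuration forwarding-options sampling', and syslog lines.
SAMPLE_VERSION_LINE = "Junos: 24.4R1-S2"
SAMPLE_SAMPLING_CONFIG = "input {\n    rate 100;\n}\n"
SAMPLE_LOGS = [
    "Jan 10 10:01:02 srx4700 chassisd[1234]: FPC 0 crash detected, restarting",
    "Jan 10 10:01:05 srx4700 sshd[456]: Accepted publickey for admin",
    "Jan 10 10:02:30 srx4700 chassisd[1234]: line card restart complete for slot 0",
]

# Indicator wording taken from the advisory; real Junos messages may differ.
LOG_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (r"\bFPC\b.*\bcrash", r"line card restart")]


def parse_junos_version(ver: str) -> tuple:
    """'24.4R1-S3' -> (24, 4, 1, 3); a missing service release (e.g. '24.4R2') counts as S0."""
    m = re.match(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?", ver.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version: {ver!r}")
    major, minor, rel, svc = m.groups()
    return (int(major), int(minor), int(rel), int(svc or 0))


def is_fixed(version_line: str) -> bool:
    """True when the 'Junos: X' line reports 24.4R1-S3 or later.
    This does not decide whether an older release train was ever affected."""
    ver = version_line.split(":", 1)[-1]
    return parse_junos_version(ver) >= parse_junos_version(FIXED_VERSION)


def sampling_enabled(config_output: str) -> bool:
    """Non-empty output (ignoring '##' comment lines) means the sampling stanza exists."""
    return any(ln.strip() and not ln.lstrip().startswith("##") for ln in config_output.splitlines())


def find_fpc_indicators(lines) -> list:
    """Return syslog lines matching the advisory's FPC-crash / line-card-restart indicators."""
    return [ln for ln in lines if any(p.search(ln) for p in LOG_PATTERNS)]


if __name__ == "__main__":
    if sampling_enabled(SAMPLE_SAMPLING_CONFIG) and not is_fixed(SAMPLE_VERSION_LINE):
        print("exposed: sampling enabled on", SAMPLE_VERSION_LINE)
    for hit in find_fpc_indicators(SAMPLE_LOGS):
        print("indicator:", hit)
```

Feed the functions real 'show version' output, the sampling hierarchy from 'show configuration', and your syslog export; tune LOG_PATTERNS to the message formats your SRX4700 actually emits.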