CVE-2025-21599

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-21599
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service.  Receipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS). Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition. This issue only affects systems configured with IPv6. This issue affects Junos OS Evolved:  * from 22.4-EVO before 22.4R3-S5-EVO,  * from 23.2-EVO before 23.2R2-S2-EVO,  * from 23.4-EVO before 23.4R2-S2-EVO,  * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 22.4R1-EVO.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://supportportal.juniper.net/JSA92869 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s4:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:24.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:24.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:24.2:r2:*:*:*:*:*:*
History

No history.

Information

Published : 2025-01-09 17:15

Updated : 2026-01-26 19:34

NVD link : CVE-2025-21599

Mitre link : CVE-2025-21599

CVE.ORG link : CVE-2025-21599

JSON object : View

Products Affected

juniper

  • junos_os_evolved
CWE
CWE-401

Missing Release of Memory after Effective Lifetime