CVE-2025-59959

An Untrusted Pointer Dereference vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial-of-Service (DoS). When the command 'show route < ( receive-protocol | advertising-protocol ) bgp > detail' is executed, and at least one of the routes in the intended output has specific attributes, this will cause an rpd crash and restart. 'show route ... extensive' is not affected. This issue affects: Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S5-EVO, * 23.4 versions before 23.4R2-S6-EVO, * 24.2 versions before 24.2R2-S2-EVO, * 24.4 versions before 24.4R2-EVO.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://kb.juniper.net/JSA103148	Vendor Advisory
https://supportportal.juniper.net/	Permissions Required

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:juniper:junos::::::::
	cpe:2.3:o:juniper:junos:22.4:-::::::
	cpe:2.3:o:juniper:junos:22.4:r1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r2::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s1::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s2::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s3::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s4::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s5::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s6::::::
	cpe:2.3:o:juniper:junos:22.4:r3-s7::::::
	cpe:2.3:o:juniper:junos:23.2:-::::::
	cpe:2.3:o:juniper:junos:23.2:r1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:23.2:r2::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s2::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s3::::::
	cpe:2.3:o:juniper:junos:23.2:r2-s4::::::
	cpe:2.3:o:juniper:junos:23.4:-::::::
	cpe:2.3:o:juniper:junos:23.4:r1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s1::::::
	cpe:2.3:o:juniper:junos:23.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:23.4:r2::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s1::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s2::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s3::::::
	cpe:2.3:o:juniper:junos:23.4:r2-s4::::::
	cpe:2.3:o:juniper:junos:24.2:-::::::
	cpe:2.3:o:juniper:junos:24.2:r1::::::
	cpe:2.3:o:juniper:junos:24.2:r1-s1::::::
	cpe:2.3:o:juniper:junos:24.2:r1-s2::::::
	cpe:2.3:o:juniper:junos:24.2:r2::::::
	cpe:2.3:o:juniper:junos:24.2:r2-s1::::::
	cpe:2.3:o:juniper:junos:24.4:-::::::
	cpe:2.3:o:juniper:junos:24.4:r1::::::
	cpe:2.3:o:juniper:junos:24.4:r1-s2::::::
	cpe:2.3:o:juniper:junos:24.4:r1-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved::::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s2::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s3::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s4::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s5::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s6::::::
	cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s7::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:-::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1::::::
	cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s3::::::
cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s4::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:-::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s4::::::
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s5::::::
cpe:2.3:o:juniper:junos_os_evolved:24.2:-::::::
cpe:2.3:o:juniper:junos_os_evolved:24.2:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:24.2:r1-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:24.2:r2::::::
cpe:2.3:o:juniper:junos_os_evolved:24.2:r2-s1::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:-::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s2::::::
cpe:2.3:o:juniper:junos_os_evolved:24.4:r1-s3::::::

History

No history.

Information

Published : 2026-01-15 21:16

Updated : 2026-01-23 19:38

NVD link : CVE-2025-59959

Mitre link : CVE-2025-59959

CVE.ORG link : CVE-2025-59959

JSON object : View

Products Affected

juniper

junos
junos_os_evolved

CWE

CWE-822

Untrusted Pointer Dereference

5.5 /10