Critical Juniper Networks Vulnerability Exposes Networks to Remote Attacks
A critical vulnerability has been discovered in Juniper Networks' Junos OS and Junos OS Evolved platforms that could allow remote attackers to disrupt affected networks. The vulnerability, identified as CVE-2025-21598, affects devices running BGP and can lead to crashes and network disruption. Juniper Networks has released patched versions to resolve this issue.
Juniper Networks CVE-2025-21598: Critical Vulnerability in BGP Protocol Puts Networks at Risk
Juniper Networks has issued a security bulletin addressing a critical vulnerability (CVE-2025-21598) affecting its Junos OS and Junos OS Evolved platforms. The flaw is in the routing protocol daemon (rpd) and could allow unauthenticated attackers to mount remote attacks that lead to network disruptions.
Vulnerability Overview:
The vulnerability arises from an out-of-bounds read issue in the rpd when devices are configured with Border Gateway Protocol (BGP) traceoptions enabled. This flaw could enable an attacker to send malformed BGP packets, causing the rpd process to crash. Once this happens, the system may experience BGP session failures, potentially causing further disruptions across autonomous systems (ASes). Both internal BGP (iBGP) and external BGP (eBGP) sessions could be affected, compromising the stability of IPv4 and IPv6 networks.
The vulnerability, discovered by Juniper Networks, affects several versions of Junos OS, including 21.2R3-S8, 21.4R3-S7, 22.2R3-S4, and others, as well as Junos OS Evolved versions 21.4R3-S7-EVO, 22.2R3-S4-EVO, 23.2R2-EVO, and more. The critical flaw has received a CVSS score of 7.5 under CVSS v3.1, indicating a high severity risk that should not be ignored.
Exploit Details and Risk:
The core issue is that attackers can send malformed BGP packets to vulnerable devices that have BGP traceoptions configured. Because the vulnerability affects BGP sessions between ASes, the issue can propagate through multiple systems. In a worst-case scenario, this could lead to widespread disruption across the network infrastructure.
Network administrators can detect the presence of this vulnerability by monitoring system logs for signs of malformed BGP packets or attributes, which may indicate that a network device is affected. Alerts such as “rpd[<pid>]: Received malformed update from <IP address>” may indicate an active exploit in progress.
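The log check described above can be scripted. The following Python example is added here and is not from Juniper or the original article: it scans syslog text for the quoted rpd message, counts hits per peer, and flags peers whose malformed update was followed by a change of rpd process ID, which is assumed here to mean the daemon restarted. The sample lines and the `scan` function name are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Message format quoted in the article; any text after the address is tolerated.
MALFORMED = re.compile(
    r"rpd\[(?P<pid>\d+)\]: Received malformed update from (?P<peer>[0-9A-Fa-f:.]+)")
ANY_RPD = re.compile(r"rpd\[(?P<pid>\d+)\]:")

# Constructed sample syslog lines (documentation addresses, not real data).
SAMPLE_LOG = """\
Jan 14 10:02:11 edge1 rpd[4121]: constructed routine message
Jan 14 10:02:15 edge1 rpd[4121]: Received malformed update from 192.0.2.10
Jan 14 10:02:15 edge1 rpd[4121]: Received malformed update from 192.0.2.10
Jan 14 10:02:31 edge1 rpd[5230]: constructed message logged by a new rpd process
Jan 14 10:05:40 edge1 rpd[5230]: Received malformed update from 2001:db8::7
Jan 14 10:06:02 edge1 sshd[900]: constructed unrelated message
"""

def scan(log_text):
    """Return (hits per peer, peers whose malformed update preceded an rpd pid change)."""
    hits = defaultdict(int)
    restarts = set()
    last_pid = None       # pid seen on the most recent rpd line
    pending_peer = None   # last peer that sent a malformed update under last_pid
    for line in log_text.splitlines():
        rpd = ANY_RPD.search(line)
        if not rpd:
            continue
        pid = rpd.group("pid")
        if pid != last_pid:
            # Assumption: a new pid right after a malformed update means rpd restarted.
            if last_pid is not None and pending_peer:
                restarts.add(pending_peer)
            pending_peer = None
            last_pid = pid
        m = MALFORMED.search(line)
        if m:
            try:
                peer = str(ipaddress.ip_address(m.group("peer")))
            except ValueError:
                continue  # not a valid IPv4/IPv6 address; skip the line
            hits[peer] += 1
            pending_peer = peer
    return dict(hits), restarts

if __name__ == "__main__":
    counts, restarted = scan(SAMPLE_LOG)
    for peer, n in sorted(counts.items()):
        note = "  <- rpd pid changed afterwards" if peer in restarted else ""
        print(f"{peer}: {n} malformed update(s){note}")
```

A peer that appears in both results is the first place to look when correlating BGP session flaps with the traceoptions exposure described in this article.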
Impact on Devices:
- Devices Affected:
  - Junos OS: Versions 21.2R3-S8 to 21.2R3-S9, 21.4R3-S7 to 21.4R3-S9, 22.2R3-S4 to 22.2R3-S5, and others.
  - Junos OS Evolved: Versions 21.4R3-S7-EVO to 21.4R3-S9-EVO, 22.2R3-S4-EVO to 22.2R3-S5-EVO, 23.2R2-EVO to 23.2R2-S2-EVO, and others.
- Affected protocols: Both iBGP and eBGP for IPv4 and IPv6 networks.
- Configuration for Exposure: Devices must have BGP trace options enabled to be susceptible to this issue.
Solutions and Mitigation:
Juniper Networks has recommended users upgrade to the following patched versions to mitigate the risk:
- Junos OS: Versions 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2-S1, 24.2R1-S1, 24.2R2, and all subsequent releases.
- Junos OS Evolved: Versions 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S1-EVO, 24.2R1-S2-EVO, and all subsequent releases.
For users who are unable to patch their systems immediately, Juniper recommends disabling BGP packet tracing options as a workaround.
Conclusion:
This vulnerability serves as a critical reminder to network administrators about the importance of regularly patching their devices, especially those managing BGP configurations. By taking swift action to upgrade affected systems, organizations can mitigate the risk of remote exploitation and protect their network integrity from potential disruptions. Juniper Networks has acted promptly to address the issue and provide solutions, demonstrating the importance of maintaining strong security protocols and continuous vigilance against emerging threats.