A recently discovered critical vulnerability, CVE-2025-21598, affects the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. It allows an unauthenticated, network-based attacker to crash rpd by sending malformed BGP (Border Gateway Protocol) packets to a device that has packet receive trace options enabled.
Exploit Details
To exploit this vulnerability, an attacker must establish a BGP session with the target device. The issue affects both iBGP (Interior Border Gateway Protocol) and eBGP (Exterior Border Gateway Protocol), as well as IPv4 and IPv6.
The malformed BGP update can propagate through multiple Autonomous Systems (ASes) until it reaches vulnerable devices.
Indicator of Compromise (IoC)
One way to detect the presence of this vulnerability is by observing malformed update messages in a neighboring AS, which remains unaffected by the issue. To do this, execute the following command on a neighboring device:
show log messages
Look for messages similar to the ones below, originating from devices in proximity to each other:
rpd[<pid>]: Received malformed update from <IP address> (External AS <AS#>)
and
rpd[<pid>]: Malformed Attribute
These messages indicate that the malformed packet is propagating through the network.
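The log check above can be automated over saved `show log messages` output. The following is an added example, not code from Juniper or from the original page; it assumes a standard syslog prefix (timestamp and hostname) before `rpd[<pid>]` and also accepts an `Internal AS` variant for iBGP peers, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Message shapes are the two quoted above. The syslog prefix (timestamp,
# hostname) and the "Internal AS" variant for iBGP peers are assumptions.
UPDATE_RE = re.compile(
    r"(?:(?P<host>\S+)\s+)?rpd\[\d+\]: Received malformed update from "
    r"(?P<peer>[0-9A-Fa-f:.]+) \((?:External|Internal) AS (?P<asn>\d+)\)"
)
ATTR_RE = re.compile(r"(?:(?P<host>\S+)\s+)?rpd\[\d+\]: Malformed Attribute")


def scan(lines):
    """Summarise malformed-update indicators per reporting device."""
    report = defaultdict(lambda: {"peers": defaultdict(int), "malformed_attr": 0})
    for line in lines:
        m = UPDATE_RE.search(line)
        if m:
            # Count each (sending peer, AS) pair seen by this device.
            key = (m["peer"], int(m["asn"]))
            report[m["host"] or "unknown"]["peers"][key] += 1
            continue
        m = ATTR_RE.search(line)
        if m:
            report[m["host"] or "unknown"]["malformed_attr"] += 1
    return {h: {"peers": dict(v["peers"]), "malformed_attr": v["malformed_attr"]}
            for h, v in report.items()}


def propagating(report):
    """True when more than one device logged a malformed update."""
    return sum(1 for v in report.values() if v["peers"]) > 1


# Constructed sample lines (documentation addresses and AS numbers).
SAMPLE = [
    "Jan  9 19:20:01 edge1 rpd[4312]: Received malformed update from 192.0.2.1 (External AS 64500)",
    "Jan  9 19:20:01 edge1 rpd[4312]: Malformed Attribute",
    "Jan  9 19:20:02 edge1 sshd[900]: unrelated line that must be ignored",
    "Jan  9 19:20:05 edge1 rpd[4312]: Received malformed update from 192.0.2.1 (External AS 64500)",
    "Jan  9 19:20:06 core2 rpd[2210]: Received malformed update from 2001:db8::1 (External AS 64500)",
    "Jan  9 19:20:06 core2 rpd[2210]: Malformed Attribute",
]

if __name__ == "__main__":
    result = scan(SAMPLE)
    for host, info in sorted(result.items()):
        print(host, info)
    print("seen on multiple devices:", propagating(result))
```

Feed it the concatenated logs of several neighboring devices; the same peer and AS showing up on more than one reporting device is the propagation pattern described above.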
More information about this vulnerability can be found in the following original references:
* Juniper Networks Security Advisory
* CVE Database Record - CVE-2025-21598
Conclusion
It is crucial for affected device owners to address this vulnerability as soon as possible by upgrading to the patched versions listed in the Juniper Networks Security Advisory. Network administrators should monitor their networks for any indicators of compromise to detect and mitigate the issue promptly.
Timeline
Published on: 01/09/2025 19:15:20 UTC