CVE-2025-30647

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash. user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer 2 Online 36 10 0 9 8 9 32768 26 0 This issue affects Junos OS on MX Series: * All versions before 21.2R3-S9 * from 21.4 before 21.4R3-S10 * from 22.2 before 22.2R3-S6 * from 22.4 before 22.4R3-S5 * from 23.2 before 23.2R2-S3 * from 23.4 before 23.4R2-S3 * from 24.2 before 24.2R2.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://supportportal.juniper.net/JSA96457

Configurations

No configuration.

History

11 Apr 2025, 15:40

Type	Values Removed	Values Added
Summary		(es) Una vulnerabilidad de falta de liberación de memoria tras el tiempo de vida útil efectivo en el motor de reenvío de paquetes (PFE) de Juniper Networks Junos OS en la serie MX permite que un atacante adyacente no autenticado provoque una denegación de servicio (DoS). En un escenario de gestión de suscriptores, la actividad de inicio y cierre de sesión desencadena una fuga de memoria, que aumenta gradualmente y finalmente provoca un bloqueo. ???????????user@host> show chassis fpc ???????????????????????????????????????Temp ?? CPU Utilization (%) ??CPU Utilization (%) ? Memory ??Utilization (%) ??????????????????????Slot State (C) ?? Total Interrupt 1min 5min 15min ? ?DRAM (MB) ?Heap Buffer ????????????????????2 Online 36 ??? 10 0 9 8 9 ?????32768 ?26 0 Este problema afecta a Junos OS en la serie MX: * Todas las versiones anteriores a 21.2R3-S9 * desde 21.4 hasta 21.4R3-S10 * desde 22.2 hasta 22.2R3-S6 * desde 22.4 hasta 22.4R3-S5 * desde 23.2 hasta 23.2R2-S3 * de 23.4 antes de 23.4R2-S3 * de 24.2 antes de 24.2R2.

09 Apr 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-09 20:15

Updated : 2025-04-11 15:40

NVD link : CVE-2025-30647

Mitre link : CVE-2025-30647

CVE.ORG link : CVE-2025-30647

JSON object : View

Products Affected

No product.

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

6.5 /10