Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-30644— Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled

CVSS 7.5 · High EPSS 0.19% · P40
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-30644

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Junos OS: EX2300, EX3400, EX4000 Series, QFX5k Series: Receipt of a specific DHCP packet causes FPC crash when DHCP Option 82 is enabled
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Under a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component. This issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: * All versions before 21.4R3-S9,  * from 22.2 before 22.2R3-S5,  * from 22.4 before 22.4R3-S5,  * from 23.2 before 23.2R2-S3,  * from 23.4 before 23.4R2-S3,  * from 24.2 before 24.2R2.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
堆缓冲区溢出
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS是美国瞻博网络(Juniper Networks)公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS存在安全漏洞,该漏洞源于FPC存在堆缓冲区溢出,可能导致拒绝服务或远程代码执行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos OS 0 ~ 21.4R3-S9 -

II. Public POCs for CVE-2025-30644

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2025-30644

登录查看更多情报信息。

Same Patch Batch · Juniper Networks · 2025-04-09 · 21 CVEs total

CVE-2025-306597.5 HIGHJunos OS: SRX Series: A device configured for vector routing crashes when receiving malfor
CVE-2025-215947.5 HIGHJunos OS: MX Series: In DS-lite and NAT scenario receipt of crafted IPv6 traffic causes po
CVE-2025-216017.5 HIGHJunos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is e
CVE-2025-306457.5 HIGHJunos OS: SRX Series: Transmission of specific control traffic sent out of a DS-Lite tunne
CVE-2025-306497.5 HIGHJunos OS: MX240, MX480, MX960 with SPC3: An attacker sending specific packets will cause a
CVE-2025-306517.5 HIGHJunos OS and Junos OS Evolved: Receipt of a specific ICMPv6 packet causes a memory overrun
CVE-2025-306567.5 HIGHJunos OS: MX Series, SRX Series: Processing of specific SIP INVITE messages by the SIP ALG
CVE-2025-306587.5 HIGHJunos OS: SRX Series: On devices with Anti-Virus enabled, malicious server responses will
CVE-2025-306607.5 HIGHJunos OS: MX Series: Decapsulation of specific GRE packets leads to PFE reset
CVE-2025-306487.4 HIGHJunos OS and Junos OS Evolved: Receipt of a specifically malformed DHCP packet causes jdhc
CVE-2025-215917.4 HIGHJunos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhc
CVE-2025-306536.5 MEDIUMJunos OS and Junos OS Evolved: LSP flap in a specific MPLS scenario leads to rpd crash
CVE-2025-306476.5 MEDIUMJunos OS: MX Series: Subscriber login/logout activity will lead to a memory leak
CVE-2025-306466.5 MEDIUMJunos OS and Junos OS Evolved: Receipt of a malformed LLDP TLV results in l2cpd crash
CVE-2025-215956.5 MEDIUMJunos OS and Junos OS Evolved: In an EVPN-VXLAN scenario specific ARP or NDP packets cause
CVE-2025-306545.5 MEDIUMJunos OS and Junos OS Evolved: A local, low privileged user can access sensitive informati
CVE-2025-306525.5 MEDIUMJunos OS and Junos OS Evolved: Executing a specific CLI command when asregex-optimized is
CVE-2025-306555.5 MEDIUMJunos OS and Junos OS Evolved: A specific CLI command will cause an RPD crash when rib-sha
CVE-2025-306575.3 MEDIUMJunos OS: Processing of a specific BGP update causes the SRRD process to crash
CVE-2025-215975.3 MEDIUMJunos OS and Junos OS Evolved: When BGP rib-sharding and update-threading are configured a

IV. Related Vulnerabilities

Same product: Junos OS
Same vendor: Juniper Networks
Same weakness: CWE-122

V. Comments for CVE-2025-30644

No comments yet

Leave a comment