Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-57025— Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learning' command causes l2ald crash

CVSS 5.5 · Medium EPSS 0.14% · P4

Affected Version Matrix 8

VendorProductVersion RangeStatus
Juniper NetworksJunos OS< 23.2R2-S7affected
23.4< 23.4R2-S7affected
24.2< 24.2R2affected
24.4< 24.4R1-S2affected
Juniper NetworksJunos OS Evolved< 23.2R2-S7-EVOaffected
23.4< 23.4R2-S8-EVOaffected
24.2< 24.2R2-EVOaffected
24.4< 24.4R1-S3-EVOaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-57025

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Junos OS and Junos OS Evolved: EX Series, QFX Series, MX Series: A specific 'show l2-learning' command causes l2ald crash
Source: NVD (National Vulnerability Database)
Vulnerability Description
A Return of Pointer Value Outside of Expected Range vulnerability in the fileio library of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privilged attacker to cause a Denial-of-Service (DoS). On EX Series, QFX Series and MX Series a low-privileged attacker issuing a specific 'show l2-learning' command will cause an l2ald crash which will lead to a temporary service impact for all layer 2 services until the process has automatically restarted. This issue affects EX Series, QFX Series, MX Series: Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2, * 24.4 versions before 24.4R1-S2. Junos OS Evolved: * all versions before 23.2R2-S7-EVO, * 23.4 versions before 23.4R2-S8-EVO, * 24.2 versions before 24.2R2-EVO, * 24.4 versions before 24.4R1-S3-EVO.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
在预期范围外返回指针值
Source: NVD (National Vulnerability Database)
Vulnerability Title
Juniper Networks Junos OS 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Juniper Networks Junos OS是美国Juniper Networks公司的一款专为路由器、交换机和防火墙等物理及虚拟设备打造的网络操作系统。 Juniper Networks Junos OS存在缓冲区错误漏洞,该漏洞源于fileio库存在指针值返回超出预期范围的问题,可能导致本地低权限攻击者造成拒绝服务。以下版本受到影响: Juniper Networks Junos OS:23.2R2-S7之前版本、23.4版本且23.4R2-S7之前版本、24.2版本且24.2R2之前版本、24
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Juniper NetworksJunos OS 0 ~ 23.2R2-S7 -
Juniper NetworksJunos OS Evolved 0 ~ 23.2R2-S7-EVO -

II. Public POCs for CVE-2026-57025

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-57025

登录查看更多情报信息。

Vendor Advisories for CVE-2026-57025 (1)

Same Patch Batch · Juniper Networks · 2026-07-09 · 22 CVEs total

CVE-2026-570267.5 HIGHJunos OS: MX Series with SPC3, SRX Series: Processing of a specifically malformed SIP invi
CVE-2026-570237.5 HIGHJunos OS: MX with SPC3, SRX Series: A specifically malformed TCP packet causes a flowd cra
CVE-2026-570287.3 HIGHJunos OS Evolved: A port which has been inadvertently exposed can be reached by an attacke
CVE-2026-570326.5 MEDIUMJunos OS: EX Series: Subscribing to an unsupported telemetry sensor path causes fxpc proce
CVE-2026-338006.5 MEDIUMJunos OS: MX Series: In a VC scenario a high rate of micro-BFD session flaps will cause an
CVE-2026-338016.5 MEDIUMJunos OS and Junos OS Evolved: When a specifically malformed BGP route update is received
CVE-2026-570276.5 MEDIUMJunos OS: EX4100 Series, EX4400: With sFlow configured in a VC scenario multicast traffic
CVE-2026-338036.5 MEDIUMJunos OS Evolved: A port which has been inadvertently exposed can be reached by an attacke
CVE-2026-570196.5 MEDIUMJunos OS: MX Series: Specific traffic causes an FPC to reset
CVE-2026-570206.5 MEDIUMJunos OS: QFX10000 Series: IPv6 multicast traffic received on non-IRB interfaces causes a
CVE-2026-570225.9 MEDIUMJunos OS: MX Series with SPC3, SRX Series: Specific packet in response to a TCP connection
CVE-2026-337945.9 MEDIUMJunos OS Evolved: PTX Series: Receipt of repeated ECMP routing updates results in PFE cras
CVE-2026-570305.9 MEDIUMJunos OS: SRX Series: Flow sessions are not getting cleared leading to a DoS
CVE-2026-570545.8 MEDIUMJunos OS: MX Series: Web filtering doesn't block specifically formatted URLs
CVE-2026-338025.5 MEDIUMJunos OS: EX Series: Unauthorized users can execute service-impacting CLI command
CVE-2026-570215.3 MEDIUMJunos OS: SRX Series: If VPN compliance-check is configured an attacker can cause http-gk
CVE-2026-570245.3 MEDIUMJunos OS: MX with SPC3, SRX Series: Repeated VPN negotiation failures will eventually caus
CVE-2026-570295.3 MEDIUMJunos OS Evolved: QFX Series: When sFlow collector reachability changes evo-pfemand proces
CVE-2026-570314.7 MEDIUMJunos OS: MX Series: For subscribers configured on static interfaces, input filters are no
CVE-2026-219014.4 MEDIUMJunos OS and Junos OS Evolved: Configuration of a specific SSH option results in mgd crash

Showing top 20 of 22 CVEs. View all on vendor page &rarr; →

IV. Related Vulnerabilities

V. Comments for CVE-2026-57025

No comments yet


Leave a comment