Juniper Junos OS l2cpd Signed Conversion Vulnerability (CVE-2025-30646) DoS Advisory

Vulnerability ID: CVE-2025-30646 Affected Products: All versions of Junos OS and Junos OS Evolved Severity: Medium CVSS Score: - v3.1: 6.5 (AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) - v4.0: 7.1 (AV:A/AC:L/ATN:PRN/UI:N/V C:N/I:N/A:H/SC:N/SI:N/SAL:A/U:YR: A/V:C/REM) Description: A signed integer conversion error exists in the Layer 2 Control Protocol daemon (l2cpd), allowing an unauthenticated adjacent attacker to send specially crafted malformed LLDP TLVs, causing the l2cpd process to crash and restart, resulting in a Denial of Service (DoS). Continuous reception and processing of such packets can lead to a persistent DoS condition. When LLDP polling subscription is enabled, receiving specially crafted malformed LLDP TLVs will cause the l2cpd process to crash and restart. Affected Versions: - Junos OS: All versions prior to 21.2R3-59, from 21.4 to 21.4R3-510, from 22.2 to 22.R3-56, from 22.4 to 22.R3-56, from 23.2 to 23.R2-53, from 23.4 to 23.R2-54, from 24.2 to 24.R2 - Junos OS Evolved: All versions prior to 22.2-EVO, from 22.2-EVO to 22.R3-56-EVO, from 22.4-EVO to 22.R3-56-EVO, from 23.2-EVO to 23.R2-53-EVO, from 23.4-EVO to 23.R2-54-EVO, from 24.2-EVO to 24.R2-EVO Solution: The following software versions have been released to address this specific issue: - Junos OS: 21.2R3-59, 21.4R3-510, 22.R3-56, 23.R2-53, 23.R4-54, 24.R2, 24.R1, and subsequent versions - Junos OS Evolved: 21.4R3-510-EVO, 22.R3-56-EVO, 22.R3-56-EVO, 23.R2-53-EVO, 23.R2-54-EVO, 24.R2-EVO, 24.R1-EVO, and subsequent versions Workaround: No known workaround is available.

Goal Reached Thanks to every supporter — we hit 100%!

Juniper Junos OS l2cpd Signed Conversion Vulnerability (CVE-2025-30646) DoS Advisory