{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-59969", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2025-09-23T18:19:06.955Z", "datePublished": "2026-04-09T21:25:32.594Z", "dateUpdated": "2026-04-09T21:25:32.594Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["evo-aftmand"], "platforms": ["PTX Series"], "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "22.4R3-S8-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "23.2R2-S5-EVO", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2-EVO", "status": "affected", "version": "23.4", "versionType": "semver"}, {"lessThan": "24.2R2-EVO", "status": "affected", "version": "24.2", "versionType": "semver"}, {"lessThan": "24.4R2-EVO", "status": "affected", "version": "24.4", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "modules": ["evo-pfemand"], "platforms": ["QFX5000 Series"], "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "22.2R3-S7-EVO", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.4R3-S7-EVO", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2-S4-EVO", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2-S5-EVO", "status": "affected", "version": "23.4", "versionType": "semver"}, {"lessThan": "24.2R2-S1-EVO", "status": "affected", "version": "24.2", "versionType": "semver"}, {"lessThan": "24.4R1-S3-EVO, 24.4R2-EVO", "status": "affected", "version": "24.4", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Required Configuration for Exposure:&nbsp;<br><br></span><tt>&nbsp; [ protocols mld ]<br></tt>or<br><tt>&nbsp; [ protocols pim ]<br></tt>"}], "value": "Required Configuration for Exposure:\u00a0\n\n\u00a0 [ protocols mld ]\nor\n\u00a0 [ protocols pim ]"}], "datePublic": "2026-04-08T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/<span style=\"background-color: rgb(255, 255, 255);\">evo-pfemand</span>) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).<p>An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart.&nbsp;<span style=\"background-color: rgba(255, 255, 255, 0.85);\">Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.</span></p><p>This issue affects Junos OS Evolved PTX Series:</p><p></p><ul><li>All versions before 22.4R3-S8-EVO,</li><li>from 23.2 before 23.2R2-S5-EVO,</li><li>from 23.4 before 23.4R2-EVO,</li><li>from 24.2 before 24.2R2-EVO,</li><li>from 24.4 before&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">24.4R2-EVO.</span></li></ul><p></p><p>This issue affects Junos OS Evolved on QFX5000 Series:</p><p></p><ul><li>22.2-EVO version before 22.2R3-S7-EVO,</li><li>22.4-EVO version before 22.4R3-S7-EVO,</li><li>23.2-EVO versions before 23.2R2-S4-EVO,</li><li>23.4-EVO versions before 23.4R2-S5-EVO, </li><li>24.2-EVO versions before 24.2R2-S1-EVO,</li><li>24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.</li></ul>This issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.<br><p></p>"}], "value": "A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart.\u00a0Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.\n\nThis issue affects Junos OS Evolved PTX Series:\n\n\n\n * All versions before 22.4R3-S8-EVO,\n * from 23.2 before 23.2R2-S5-EVO,\n * from 23.4 before 23.4R2-EVO,\n * from 24.2 before 24.2R2-EVO,\n * from 24.4 before\u00a024.4R2-EVO.\n\n\n\n\nThis issue affects Junos OS Evolved on QFX5000 Series:\n\n\n\n * 22.2-EVO version before 22.2R3-S7-EVO,\n * 22.4-EVO version before 22.4R3-S7-EVO,\n * 23.2-EVO versions before 23.2R2-S4-EVO,\n * 23.4-EVO versions before 23.4R2-S5-EVO, \n * 24.2-EVO versions before 24.2R2-S1-EVO,\n * 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.\n\n\nThis issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 7.1, "baseSeverity": "HIGH", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-120", "description": "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-04-09T21:25:32.594Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA103159"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br>For PTX Series: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-EVO, 24.2R2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.<br>For QFX5000 Series: 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."}], "value": "The following software releases have been updated to resolve this specific issue:\nFor PTX Series: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-EVO, 24.2R2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.\nFor QFX5000 Series: 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA103159", "defect": ["1808638", "1869606"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2026-01-14T17:00:00.000Z", "value": "Initial Publication"}], "title": "Junos OS Evolved: QFX5000 Series and PTX Series: An attacker sending crafted multicast packets will cause evo-aftmand / evo-pfemand to crash and restart", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue.<br>"}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{}

{}

{}

{}