CVE-2025-52961 (GCVE-0-2025-52961)
Vulnerability from cvelistv5
Published
2025-10-09 15:40
Modified
2025-10-09 19:49
CWE
  • CWE-400 - Uncontrolled Resource Consumption
Summary
An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman's memory to leak, eventually to cause the FPC crash and restart. Continued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition. An indicator of compromise is to watch for an increase in cfmman memory rising over time by issuing the following command and evaluating the RSS number. If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.   user@device> show system processes node fpc<num> detail | match cfmman Example:    show system processes node fpc0 detail | match cfmman    F S UID       PID       PPID PGID   SID   C PRI NI  ADDR SZ    WCHAN   RSS     PSR STIME TTY         TIME     CMD   4 S root      15204     1    15204  15204 0 80  0   - 90802     -      113652   4  Sep25 ?           00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml This issue affects Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016: * from 23.2R1-EVO before 23.2R2-S4-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO, * from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO. This issue does not affect Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 before 23.2R1-EVO.
Impacted products
Vendor Product Version
Juniper Networks Junos OS Evolved Version: 23.2R1-EVO   
Version: 23.4-EVO   
Version: 24.2-EVO   
Version: 24.4-EVO   
Create a notification for this product.
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-52961",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-09T19:43:31.113048Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-09T19:49:35.262Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "cfmman",
            "cfmd"
          ],
          "platforms": [
            "PTX10001-36MR",
            "PTX10002-36QDD",
            "PTX10004",
            "PTX10008",
            "PTX10016"
          ],
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "23.2R2-S4-EVO",
              "status": "affected",
              "version": "23.2R1-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.4R2-S4-EVO",
              "status": "affected",
              "version": "23.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "24.2R2-EVO",
              "status": "affected",
              "version": "24.2-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "24.4R1-S2-EVO, 24.4R2-EVO",
              "status": "affected",
              "version": "24.4-EVO",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R1-EVO",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "This issue occurs only when CFM has been configured on any interface:\u003cbr\u003e\u003ctt\u003e\u0026nbsp; [ protocols oam ethernet connectivity-fault-management maintenance-domain \u0026lt;md-name\u0026gt; level \u0026lt;number\u0026gt; ]\u003cbr\u003e\u003c/tt\u003e"
            }
          ],
          "value": "This issue occurs only when CFM has been configured on any interface:\n\u00a0 [ protocols oam ethernet connectivity-fault-management maintenance-domain \u003cmd-name\u003e level \u003cnumber\u003e ]"
        }
      ],
      "datePublic": "2025-10-08T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;and the Connectivity Fault Management Manager (cfmman)\u0026nbsp;\u003c/span\u003eof Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eAn attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman\u0027s memory to leak, eventually to cause the FPC crash and restart.\u003cbr\u003e\u003cbr\u003eContinued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn indicator of compromise is to watch\u0026nbsp;for an increase in cfmman memory rising over time by issuing the following command and evaluating the\u0026nbsp;\u003ctt\u003e\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e\u003cb\u003eRSS\u003c/b\u003e\u003c/span\u003e\u0026nbsp;number.\u0026nbsp;If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.\u003c/tt\u003e\u003cbr\u003e \u003cbr\u003e\u003c/span\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp; user@device\u0026gt; show system processes node fpc\u003ci\u003e\u0026lt;num\u0026gt;\u003c/i\u003e detail | match cfmman\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003cbr\u003eExample:\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; show system processes node fpc0 detail | match cfmman\u0026nbsp;\u003c/tt\u003e\u003ctt\u003e\u003cbr\u003e\u0026nbsp; F S UID \u0026nbsp; \u0026nbsp; \u0026nbsp;  PID\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;PPID  PGID \u0026nbsp; SID\u0026nbsp; \u0026nbsp;C PRI  NI\u0026nbsp; ADDR SZ\u0026nbsp; \u0026nbsp; WCHAN \u0026nbsp;  \u003cb\u003e\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003eRSS\u003c/span\u003e\u003c/b\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp;PSR STIME TTY \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  TIME\u0026nbsp; \u0026nbsp; \u0026nbsp;CMD\u003cbr\u003e\u0026nbsp; 4 S root\u0026nbsp; \u0026nbsp; \u0026nbsp; 15204 \u0026nbsp; \u0026nbsp; 1\u0026nbsp; \u0026nbsp; 15204\u0026nbsp; 15204  0  80\u0026nbsp; 0\u0026nbsp; \u0026nbsp;- 90802\u0026nbsp; \u0026nbsp; \u0026nbsp;-\u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cb\u003e\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e113652\u003c/span\u003e\u003c/b\u003e\u0026nbsp; \u0026nbsp;4\u0026nbsp; Sep25 ?\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml\u003c/tt\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS Evolved on\u0026nbsp;PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 23.2R1-EVO before 23.2R2-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-EVO, \u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect Junos OS Evolved on\u0026nbsp;PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  before 23.2R1-EVO."
            }
          ],
          "value": "An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon\u00a0and the Connectivity Fault Management Manager (cfmman)\u00a0of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\n\nAn attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman\u0027s memory to leak, eventually to cause the FPC crash and restart.\n\nContinued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition.\n\nAn indicator of compromise is to watch\u00a0for an increase in cfmman memory rising over time by issuing the following command and evaluating the\u00a0RSS\u00a0number.\u00a0If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.\n \n\u00a0 user@device\u003e show system processes node fpc\u003cnum\u003e detail | match cfmman\n\nExample:\u00a0\n\n\u00a0 show system processes node fpc0 detail | match cfmman\u00a0\n\u00a0 F S UID \u00a0 \u00a0 \u00a0  PID\u00a0 \u00a0 \u00a0 \u00a0PPID  PGID \u00a0 SID\u00a0 \u00a0C PRI  NI\u00a0 ADDR SZ\u00a0 \u00a0 WCHAN \u00a0  RSS\u00a0 \u00a0 \u00a0PSR STIME TTY \u00a0 \u00a0 \u00a0 \u00a0  TIME\u00a0 \u00a0 \u00a0CMD\n\u00a0 4 S root\u00a0 \u00a0 \u00a0 15204 \u00a0 \u00a0 1\u00a0 \u00a0 15204\u00a0 15204  0  80\u00a0 0\u00a0 \u00a0- 90802\u00a0 \u00a0 \u00a0-\u00a0 \u00a0 \u00a0 113652\u00a0 \u00a04\u00a0 Sep25 ?\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a000:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml\nThis issue affects Junos OS Evolved on\u00a0PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:\n\n  *  from 23.2R1-EVO before 23.2R2-S4-EVO, \n  *  from 23.4 before 23.4R2-S4-EVO, \n  *  from 24.2 before 24.2R2-EVO, \n  *  from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.\n\n\nThis issue does not affect Junos OS Evolved on\u00a0PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  before 23.2R1-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "YES",
            "Recovery": "AUTOMATIC",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "GREEN",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "CONCENTRATED",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T15:42:58.625Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA103144"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cbr\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eJunos OS Evolved: 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue:\u00a0\nJunos OS Evolved: 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA103144",
        "defect": [
          "1856405"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS Evolved: PTX Series except PTX10003: An unauthenticated adjacent attacker sending specific valid traffic can cause a memory leak in cfmman leading to FPC crash and restart",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "There are no known workarounds for this issue.\u003cbr\u003eTo reduce the risk of exploitation, enable input and output access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted users, hosts and networks.\u003cbr\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue.\nTo reduce the risk of exploitation, enable input and output access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted users, hosts and networks."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-52961",
    "datePublished": "2025-10-09T15:40:52.572Z",
    "dateReserved": "2025-06-23T13:17:37.424Z",
    "dateUpdated": "2025-10-09T19:49:35.262Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-52961\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2025-10-09T16:15:45.247\",\"lastModified\":\"2025-10-14T19:37:28.107\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon\u00a0and the Connectivity Fault Management Manager (cfmman)\u00a0of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\\n\\nAn attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman\u0027s memory to leak, eventually to cause the FPC crash and restart.\\n\\nContinued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition.\\n\\nAn indicator of compromise is to watch\u00a0for an increase in cfmman memory rising over time by issuing the following command and evaluating the\u00a0RSS\u00a0number.\u00a0If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.\\n \\n\u00a0 user@device\u003e show system processes node fpc\u003cnum\u003e detail | match cfmman\\n\\nExample:\u00a0\\n\\n\u00a0 show system processes node fpc0 detail | match cfmman\u00a0\\n\u00a0 F S UID \u00a0 \u00a0 \u00a0  PID\u00a0 \u00a0 \u00a0 \u00a0PPID  PGID \u00a0 SID\u00a0 \u00a0C PRI  NI\u00a0 ADDR SZ\u00a0 \u00a0 WCHAN \u00a0  RSS\u00a0 \u00a0 \u00a0PSR STIME TTY \u00a0 \u00a0 \u00a0 \u00a0  TIME\u00a0 \u00a0 \u00a0CMD\\n\u00a0 4 S root\u00a0 \u00a0 \u00a0 15204 \u00a0 \u00a0 1\u00a0 \u00a0 15204\u00a0 15204  0  80\u00a0 0\u00a0 \u00a0- 90802\u00a0 \u00a0 \u00a0-\u00a0 \u00a0 \u00a0 113652\u00a0 \u00a04\u00a0 Sep25 ?\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a000:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml\\nThis issue affects Junos OS Evolved on\u00a0PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:\\n\\n  *  from 23.2R1-EVO before 23.2R2-S4-EVO, \\n  *  from 23.4 before 23.4R2-S4-EVO, \\n  *  from 24.2 before 24.2R2-EVO, \\n  *  from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.\\n\\n\\nThis issue does not affect Junos OS Evolved on\u00a0PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  before 23.2R1-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"YES\",\"Recovery\":\"AUTOMATIC\",\"valueDensity\":\"CONCENTRATED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"GREEN\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA103144\",\"source\":\"sirt@juniper.net\"},{\"url\":\"https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.html\",\"source\":\"sirt@juniper.net\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-52961\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-09T19:43:31.113048Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-09T19:43:32.155Z\"}}], \"cna\": {\"title\": \"Junos OS Evolved: PTX Series except PTX10003: An unauthenticated adjacent attacker sending specific valid traffic can cause a memory leak in cfmman leading to FPC crash and restart\", \"source\": {\"defect\": [\"1856405\"], \"advisory\": \"JSA103144\", \"discovery\": \"USER\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"AUTOMATIC\", \"baseScore\": 7.1, \"Automatable\": \"YES\", \"attackVector\": \"ADJACENT\", \"baseSeverity\": \"HIGH\", \"valueDensity\": \"CONCENTRATED\", \"vectorString\": \"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green\", \"providerUrgency\": \"GREEN\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"modules\": [\"cfmman\", \"cfmd\"], \"product\": \"Junos OS Evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"23.2R1-EVO\", \"lessThan\": \"23.2R2-S4-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.4-EVO\", \"lessThan\": \"23.4R2-S4-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.2-EVO\", \"lessThan\": \"24.2R2-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"24.4-EVO\", \"lessThan\": \"24.4R1-S2-EVO, 24.4R2-EVO\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"23.2R1-EVO\", \"versionType\": \"semver\"}], \"platforms\": [\"PTX10001-36MR\", \"PTX10002-36QDD\", \"PTX10004\", \"PTX10008\", \"PTX10016\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue:\\u00a0\\nJunos OS Evolved: 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue:\u0026nbsp;\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eJunos OS Evolved: 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2025-10-08T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA103144\", \"tags\": [\"vendor-advisory\"]}, {\"url\": \"https://www.juniper.net/documentation/us/en/software/junos/network-mgmt/topics/topic-map/cfm-configuring.html\", \"tags\": [\"technical-description\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"There are no known workarounds for this issue.\\nTo reduce the risk of exploitation, enable input and output access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted users, hosts and networks.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"There are no known workarounds for this issue.\u003cbr\u003eTo reduce the risk of exploitation, enable input and output access control lists (ACLs) and other filtering mechanisms to limit access to the device only from trusted users, hosts and networks.\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon\\u00a0and the Connectivity Fault Management Manager (cfmman)\\u00a0of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\\n\\nAn attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman\u0027s memory to leak, eventually to cause the FPC crash and restart.\\n\\nContinued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition.\\n\\nAn indicator of compromise is to watch\\u00a0for an increase in cfmman memory rising over time by issuing the following command and evaluating the\\u00a0RSS\\u00a0number.\\u00a0If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.\\n \\n\\u00a0 user@device\u003e show system processes node fpc\u003cnum\u003e detail | match cfmman\\n\\nExample:\\u00a0\\n\\n\\u00a0 show system processes node fpc0 detail | match cfmman\\u00a0\\n\\u00a0 F S UID \\u00a0 \\u00a0 \\u00a0  PID\\u00a0 \\u00a0 \\u00a0 \\u00a0PPID  PGID \\u00a0 SID\\u00a0 \\u00a0C PRI  NI\\u00a0 ADDR SZ\\u00a0 \\u00a0 WCHAN \\u00a0  RSS\\u00a0 \\u00a0 \\u00a0PSR STIME TTY \\u00a0 \\u00a0 \\u00a0 \\u00a0  TIME\\u00a0 \\u00a0 \\u00a0CMD\\n\\u00a0 4 S root\\u00a0 \\u00a0 \\u00a0 15204 \\u00a0 \\u00a0 1\\u00a0 \\u00a0 15204\\u00a0 15204  0  80\\u00a0 0\\u00a0 \\u00a0- 90802\\u00a0 \\u00a0 \\u00a0-\\u00a0 \\u00a0 \\u00a0 113652\\u00a0 \\u00a04\\u00a0 Sep25 ?\\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a0 \\u00a000:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml\\nThis issue affects Junos OS Evolved on\\u00a0PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:\\n\\n  *  from 23.2R1-EVO before 23.2R2-S4-EVO, \\n  *  from 23.4 before 23.4R2-S4-EVO, \\n  *  from 24.2 before 24.2R2-EVO, \\n  *  from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.\\n\\n\\nThis issue does not affect Junos OS Evolved on\\u00a0PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  before 23.2R1-EVO.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;and the Connectivity Fault Management Manager (cfmman)\u0026nbsp;\u003c/span\u003eof Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eAn attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman\u0027s memory to leak, eventually to cause the FPC crash and restart.\u003cbr\u003e\u003cbr\u003eContinued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eAn indicator of compromise is to watch\u0026nbsp;for an increase in cfmman memory rising over time by issuing the following command and evaluating the\u0026nbsp;\u003ctt\u003e\u003cspan style=\\\"background-color: rgb(239, 250, 102);\\\"\u003e\u003cb\u003eRSS\u003c/b\u003e\u003c/span\u003e\u0026nbsp;number.\u0026nbsp;If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.\u003c/tt\u003e\u003cbr\u003e \u003cbr\u003e\u003c/span\u003e\u003ctt\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp; user@device\u0026gt; show system processes node fpc\u003ci\u003e\u0026lt;num\u0026gt;\u003c/i\u003e detail | match cfmman\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003cbr\u003eExample:\u0026nbsp;\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; show system processes node fpc0 detail | match cfmman\u0026nbsp;\u003c/tt\u003e\u003ctt\u003e\u003cbr\u003e\u0026nbsp; F S UID \u0026nbsp; \u0026nbsp; \u0026nbsp;  PID\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;PPID  PGID \u0026nbsp; SID\u0026nbsp; \u0026nbsp;C PRI  NI\u0026nbsp; ADDR SZ\u0026nbsp; \u0026nbsp; WCHAN \u0026nbsp;  \u003cb\u003e\u003cspan style=\\\"background-color: rgb(239, 250, 102);\\\"\u003eRSS\u003c/span\u003e\u003c/b\u003e\u0026nbsp; \u0026nbsp; \u0026nbsp;PSR STIME TTY \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;  TIME\u0026nbsp; \u0026nbsp; \u0026nbsp;CMD\u003cbr\u003e\u0026nbsp; 4 S root\u0026nbsp; \u0026nbsp; \u0026nbsp; 15204 \u0026nbsp; \u0026nbsp; 1\u0026nbsp; \u0026nbsp; 15204\u0026nbsp; 15204  0  80\u0026nbsp; 0\u0026nbsp; \u0026nbsp;- 90802\u0026nbsp; \u0026nbsp; \u0026nbsp;-\u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cb\u003e\u003cspan style=\\\"background-color: rgb(239, 250, 102);\\\"\u003e113652\u003c/span\u003e\u003c/b\u003e\u0026nbsp; \u0026nbsp;4\u0026nbsp; Sep25 ?\u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp;00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml\u003c/tt\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS Evolved on\u0026nbsp;PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016:\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 23.2R1-EVO before 23.2R2-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S4-EVO, \u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-EVO, \u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect Junos OS Evolved on\u0026nbsp;PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016  before 23.2R1-EVO.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400 Uncontrolled Resource Consumption\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"This issue occurs only when CFM has been configured on any interface:\\n\\u00a0 [ protocols oam ethernet connectivity-fault-management maintenance-domain \u003cmd-name\u003e level \u003cnumber\u003e ]\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"This issue occurs only when CFM has been configured on any interface:\u003cbr\u003e\u003ctt\u003e\u0026nbsp; [ protocols oam ethernet connectivity-fault-management maintenance-domain \u0026lt;md-name\u0026gt; level \u0026lt;number\u0026gt; ]\u003cbr\u003e\u003c/tt\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2025-10-09T15:42:58.625Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-52961\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-09T19:49:35.262Z\", \"dateReserved\": \"2025-06-23T13:17:37.424Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2025-10-09T15:40:52.572Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…