Main Vulnerability Database SB20251013100

SB20251013100 - Denial of service in Junos OS Evolved CFM and cfmman

Published: October 13, 2025

Security Bulletin ID SB20251013100

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Resource exhaustion (CVE-ID: CVE-2025-52961)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control for consumption of internal resources in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman). A remote attacker on the local network can trigger resource exhaustion by sending specialy crafted traffic and perform a denial of service (DoS) attack.

The vulnerability affects the following platforms: PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016.

Remediation

Install update from vendor's website.

References

https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961