CVE-2025-21591 Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash

🗓️ 09 Apr 2025 19:46:55Reported by juniperType

CVE-2025-21591 allows adjacent attacker to crash jdhcpd in Junos OS via malformed DHCP packet.

Reporter	Title	Published	Views	Family All 10
BDU FSTEC	The vulnerability of the DHCP Daemon (jdhcpd) on Juniper Networks Junos OS allows a attacker to cause a service failure.	7 Jul 202500:00	–	bdu_fstec
Circl	CVE-2025-21591	9 Apr 202519:59	–	circl
CNNVD	Juniper Networks Junos OS 安全漏洞	9 Apr 202500:00	–	cnnvd
CVE	CVE-2025-21591	9 Apr 202519:46	–	cve
EUVD	EUVD-2025-10536	3 Oct 202520:07	–	euvd
NVD	CVE-2025-21591	9 Apr 202520:15	–	nvd
OSV	CVE-2025-21591	9 Apr 202520:15	–	osv
Positive Technologies	PT-2025-15844 · Juniper Networks · Junos	9 Apr 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-21591	11 Apr 202520:31	–	redhatcve
Vulnrichment	CVE-2025-21591 Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash	9 Apr 202519:46	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "dhcp"
    ],
    "packageName": "jdhcpd",
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "23.2R2-S3",
        "status": "affected",
        "version": "23.1",
        "versionType": "semver"
      },
      {
        "lessThan": "23.4R2-S3",
        "status": "affected",
        "version": "23.4",
        "versionType": "semver"
      },
      {
        "lessThan": "24.2R2",
        "status": "affected",
        "version": "24.2",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "23.1R1",
        "status": "unaffected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
supportportal	www.supportportal.juniper.net/JSA96448

28 Apr 2025 16:21Current

CVSS 47.1

CVSS 3.17.4

EPSS0.00276

CWE-805