CVE-2025-21601 Junos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is enabled for specific services an attacker may cause a CPU spike by sending genuine packets to the device

🗓️ 09 Apr 2025 19:51:36Reported by juniperType

Vulnerability in Junos OS allows CPU spikes via genuine packets, causing Denial of Service condition.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-21601	9 Apr 202523:28	–	circl
CNNVD	Juniper Networks Junos OS 安全漏洞	9 Apr 202500:00	–	cnnvd
CVE	CVE-2025-21601	9 Apr 202519:51	–	cve
EUVD	EUVD-2025-10526	3 Oct 202520:07	–	euvd
Tenable Nessus	Juniper Junos OS Vulnerability (JSA96452)	9 Apr 202500:00	–	nessus
NVD	CVE-2025-21601	9 Apr 202520:15	–	nvd
OSV	CVE-2025-21601	9 Apr 202520:15	–	osv
Positive Technologies	PT-2025-15851 · Juniper Networks · Junos	9 Apr 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-21601	11 Apr 202520:31	–	redhatcve
Vulnrichment	CVE-2025-21601 Junos OS: SRX and EX Series, MX240, MX480, MX960, QFX5120 Series: When web management is enabled for specific services an attacker may cause a CPU spike by sending genuine packets to the device	9 Apr 202519:51	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "modules": [
      "J-Web",
      "Captive Portal",
      "802.1X",
      "Juniper Secure Connect (JSC)",
      "Firewall Authentication"
    ],
    "packageName": "AppWeb",
    "platforms": [
      "SRX Series",
      "EX Series",
      "MX240",
      "MX480",
      "MX960",
      "QFX5120 Series"
    ],
    "product": "Junos OS",
    "programRoutines": [
      {
        "name": "Mbedthis AppWeb"
      }
    ],
    "repo": "https://www.embedthis.com/appweb",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "21.4R3-S9",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S5",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R3-S4",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      },
      {
        "lessThan": "23.2R2-S3",
        "status": "affected",
        "version": "23.2",
        "versionType": "semver"
      },
      {
        "lessThan": "23.4R2-S3",
        "status": "affected",
        "version": "23.4",
        "versionType": "semver"
      },
      {
        "lessThan": "24.2R1-S1, 24.2R2",
        "status": "affected",
        "version": "24.2",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
supportportal	www.supportportal.juniper.net/JSA96452

09 Apr 2025 19:51Current

CVSS 3.17.5

CVSS 48.7

EPSS0.00341

cve-2025-21601 junos os vulnerability denial of service cpu spike web management services network-based attacker