Juniper Junos OS Vulnerability (JSA100052)

🗓️ 09 Jul 2025 00:00:00Reported by TenableType

Junos OS vulnerability allows crashes from specific traffic patterns due to improper BPF handling.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-52948	11 Jul 202515:24	–	circl
CNNVD	Juniper Networks Junos OS 安全漏洞	11 Jul 202500:00	–	cnnvd
CVE	CVE-2025-52948	11 Jul 202514:40	–	cve
Cvelist	CVE-2025-52948 Junos OS: Specific unknown traffic pattern causes FPC and system to crash when packet capturing is enabled	11 Jul 202514:40	–	cvelist
EUVD	EUVD-2025-21153	3 Oct 202520:07	–	euvd
NVD	CVE-2025-52948	11 Jul 202515:15	–	nvd
Positive Technologies	PT-2025-29237 · Unknown +1 · Berkeley Packet Filter +1	9 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-52948	13 Jul 202515:20	–	redhatcve
Vulnrichment	CVE-2025-52948 Junos OS: Specific unknown traffic pattern causes FPC and system to crash when packet capturing is enabled	11 Jul 202514:40	–	vulnrichment

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(241662);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/07/18");

  script_cve_id("CVE-2025-52948");
  script_xref(name:"JSA", value:"JSA100052");
  script_xref(name:"IAVA", value:"2025-A-0510");

  script_name(english:"Juniper Junos OS Vulnerability (JSA100052)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100052
advisory.

  - An Improper Handling of Exceptional Conditions vulnerability in Berkeley Packet Filter (BPF) processing of
    Juniper Networks Junos OS allows an attacker, in rare cases, sending specific, unknown traffic patterns to
    cause the FPC and system to crash and restart. BPF provides a raw interface to data link layers in a
    protocol independent fashion. Internally within the Junos kernel, due to a rare timing issue (race
    condition), when a BPF instance is cloned, the newly created interface causes an internal structure
    leakage, leading to a system crash. The precise content and timing of the traffic patterns is
    indeterminate, but has been seen in a lab environment multiple times. This issue is more likely to occur
    when packet capturing is enabled. See required configuration below. This issue affects Junos OS: * all
    versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S6, * from 22.4 before
    22.4R3-S7, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S1,
    24.2R2. (CVE-2025-52948)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Specific-unknown-traffic-pattern-causes-FPC-and-system-to-crash-when-packet-capturing-is-enabled-CVE-2025-52948
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b95a91b5");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA100052");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:Y/R:A/RE:M");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-52948");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/07/09");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version");

  exit(0);
}

include('junos.inc');


var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');

var vuln_ranges = [
  {'min_ver':'21.4', 'fixed_ver':'21.4R3-S10'},
  {'min_ver':'22.2', 'fixed_ver':'22.2R3-S6'},
  {'min_ver':'22.4', 'fixed_ver':'22.4R3-S7'},
  {'min_ver':'23.2', 'fixed_ver':'23.2R2-S3'},
  {'min_ver':'23.4', 'fixed_ver':'23.4R2-S3'},
  {'min_ver':'24.2', 'fixed_ver':'24.2R1-S1', 'fixed_display':'24.2R1-S1, 24.2R2'}
];

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
var report = get_report(ver:ver, fix:fix);
security_report_v4(severity:SECURITY_WARNING, port:0, extra:report);

18 Jul 2025 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 3.15.9

CVSS 48.2

EPSS0.00303

SSVC