Juniper Junos OS Vulnerability (JSA100087)

🗓️ 17 Feb 2026 00:00:00Reported by TenableType

Junos flowd DoS from multicast PIM packets on SRX4600/SRX5000; older builds affected.

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2025-52981	23 Jan 202621:25	–	circl
CNNVD	Juniper Networks Junos OS 代码问题漏洞	11 Jul 202500:00	–	cnnvd
CVE	CVE-2025-52981	11 Jul 202515:08	–	cve
Cvelist	CVE-2025-52981 Junos OS: SRX Series: Sequence of specific PIM packets causes a flowd crash	11 Jul 202515:08	–	cvelist
EUVD	EUVD-2025-21149	3 Oct 202520:07	–	euvd
NVD	CVE-2025-52981	11 Jul 202516:15	–	nvd
Positive Technologies	PT-2025-29251	9 Jul 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-52981	13 Jul 202515:20	–	redhatcve
Vulnrichment	CVE-2025-52981 Junos OS: SRX Series: Sequence of specific PIM packets causes a flowd crash	11 Jul 202515:08	–	vulnrichment

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#TRUSTED 2b7973cd0bfa1504b490316d94c6294fe4e6ba2a63160492c9dc4453c2dcfad1d5a08a357b3d2b83d62c72c3fa465fba521260f396af65ac42ff20865dd51592cc0f6a46dbbfeca1296c171071d1f8d70f88a5d164062df9e4689c523545596741571421d015435cc6ece3b69a857caec0d8a951d9644e65c70b64eff70b57b22d41cbb1f2fa69b4641142cf06b34fa8a7e525e43a103f4f586f1c0cf136ee42a68d1e27fce50ad208c06c19d1098ea2ce51eccd14386f4c7b6660ea1048d60e001552ee139fb45a6734a8c972390dc66bd4a4edf3d6f7ed9daae065515e147c700cefb26090af0be87032c02b8e01a5281ae1d9605371c7fb89fa3844e8adc31245aed649191260496aa06eea2255aa0cc97cd61019eb07c47ad0a3f04c23591ac9a7e613e20642959aa55eb3f8a8535e9dfa9fac103793cc146a082ed071757d0d148bf18db92d8083f40cf54de176bcaf8662f9bf8fefe49a34a02717ec2f66d8ed1fc814802597688b8cd17b932b7e72f706859021e130cf7201ba7b73c6f1887df89f33f37dbcc3b709d2386a258e2fdfd3c41fb7233dab441dec9dc1d416805aa20f50de8b33dadd610cc93008902c0c4511571a8247071fc7df92959d4ba456a3b0e7909034e5dc54846a79ed3dcc56bf76bdb17196344d2ce1cd42080ffc34fb393e46784d6a68f60c35cd58f00f5fea4e4fddc5e09cc5e80e48728a
#TRUST-RSA-SHA256 316c84570c4be2f0b3e6bf344adee9461e45467619886e06b41d55dd2549ce3eccca0ca0a4fdc9afb289c09db5b4d668c6d6470044f391422f5b4b50017c422b6c27b29fc4980ff8bb335fb1fd716f481e0b4e124254c8e33c45cb956f846bd410bbdf9df3966626839e0a95de5f91ac515fff80cecd83d476e8f3757e612bb38848357d35a64e8515500c41b39065af74bffae4b9fa7415cb87d5a932eb4a7e955c0f779218ceaf61c7547a9fbe8d9fb84528a08a8a067622271e5ec141372dc77ee9cb2f377e87d1cb4f3ff1b758703fe6cb94273b1722be2e96d49c67396e48d89e1a036fc4b064ffb7a4128d19e845ceb4c12236951ca64884c4c7586508641f5adfca33ae92777225ad8d0d09cbd680807c4196399d013145e272d981cf3449ebf700279aaf5d40b666c251dbe3cb7cbcae88b8036618b0ab89ae758a3146dad8579712bf9c1821b780944652beff17837554e75152cbdcd27dbfb7007f94d65428dedb9ac2411e63d07efabe8fd0fb88227bdef455e9b3e28170f097e4740d5f84f1a248b04809ef35ac555ead21bc869337f72480befb57b5771b7a5321fd610358dd92b96e357ea55917c6fa30db58eda544cfa8331252005b217744be6f9d4b8c1d7d725818fddc63571e59a553951506b90dc2a2019b5337323a8b87de7abe62a262a14ed49fecd2c4ab7f44f66f9e148da9e93f93abd976391409
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(299304);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/02/17");

  script_cve_id("CVE-2025-52981");
  script_xref(name:"JSA", value:"JSA100087");
  script_xref(name:"IAVA", value:"2025-A-0510");

  script_name(english:"Juniper Junos OS Vulnerability (JSA100087)");

  script_set_attribute(attribute:"synopsis", value:
"The remote device is missing a vendor-supplied security patch.");
  script_set_attribute(attribute:"description", value:
"The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100087
advisory.

  - An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow processing daemon
    (flowd) of Juniper Networks Junos OS on SRX4600 and SRX5000 Series allows an unauthenticated and logically
    adjacent attacker to cause a Denial-of-Service (DoS). If in a multicast scenario a sequence of specific
    PIM packets is received, this will cause a flowd crash and restart, which leads to momentary service
    interruption. This issue affects Junos OS on SRX 4600 and SRX 5000 Series: * All versions before
    21.4R3-S9, * 22.2 versions before 22.2R3-S5, * 22.3 versions before 22.3R3-S4, * 22.4 versions before
    22.4R3-S4, * 23.2 versions before 23.2R2-S2, * 23.4 versions before 23.4R2, * 24.2 versions before
    24.2R1-S1, 24.2R2. (CVE-2025-52981)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2025-52981
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d68f43e7");
  script_set_attribute(attribute:"solution", value:
"Apply the relevant Junos software release referenced in Juniper advisory JSA100087");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:Y/R:A/RE:M");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:U");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-52981");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/10/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/07/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/02/17");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:juniper:junos");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Junos Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("junos_version.nasl");
  script_require_keys("Host/Juniper/JUNOS/Version");

  exit(0);
}

include('junos.inc');
include('junos_kb_cmd_func.inc');

# MX device check
var model = get_kb_item_or_exit('Host/Juniper/model');
if (model !~ "^(SRX16|SRX23|SRX40|SRX50)")
{
  audit(AUDIT_DEVICE_NOT_VULN, model);
};

# SPC3 check
var buf = junos_command_kb_item(cmd:'show chassis fpc');
if (buf)
{
  if (buf !~ "SPC3" && model =~ "^SRX50") 
    audit(AUDIT_HOST_NOT, 'using an affected SPC3 card');
};

var ver = get_kb_item_or_exit('Host/Juniper/JUNOS/Version');

var vuln_ranges = [
  {'min_ver':'0.0', 'fixed_ver':'21.2R3-S9'},
  {'min_ver':'21.4', 'fixed_ver':'21.4R3-S11'},
  {'min_ver':'22.2', 'fixed_ver':'22.2R3-S7'},
  {'min_ver':'22.4', 'fixed_ver':'22.4R3-S6'},
  {'min_ver':'23.2', 'fixed_ver':'23.2R2-S4'},
  {'min_ver':'23.4', 'fixed_ver':'23.4R2-S4'},
  {'min_ver':'24.2', 'fixed_ver':'24.2R2'}
];

var fix = junos_compare_range(target_version:ver, vuln_ranges:vuln_ranges);
if (empty_or_null(fix)) audit(AUDIT_INST_VER_NOT_VULN, 'Junos OS', ver);
junos_report(ver:ver, fix:fix, override:FALSE, severity:SECURITY_HOLE);

17 Feb 2026 00:00Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.17.5

CVSS 48.7

EPSS0.00403

SSVC