Juniper Networks Product Security Update Advisory

Overview

Juniper Networks has released security updates to fix vulnerabilities in its products. Users of affected products are advised to update to the latest version.

 

Affected Products

 

CVE-2025-21598

Junos OS versions: 21.2R3-S8 through 21.2R3-S9
Junos OS versions: 21.4R3-S7 through 21.4R3-S9
Junos OS versions: 22.2R3-S4 through 22.2R3-S5
Junos OS versions: 22.3R3-S2 through 22.3R3-S4
Junos OS versions: 22.4R3 through 22.4R3-S5
Junos OS versions: 23.2R2 through 23.2R2-S2
Junos OS versions: 23.4R1 through 23.4R2-S1
Junos OS versions: 24.2R1 through 24.2R1-S1, 24.2R2

Junos OS Evolved versions: 21.4R3-S7-EVO through 21.4R3-S9-EVO
Junos OS Evolved versions: 22.2R3-S4-EVO through 22.2R3-S5-EVO
Junos OS Evolved versions: 22.3R3-S2-EVO through 22.3R3-S4-EVO
Junos OS Evolved versions: 22.4R3-EVO through 22.4R3-S5-EVO
Junos OS Evolved versions: 23.2R2-EVO through 23.2R2-S2-EVO
Junos OS Evolved versions: 23.4R1-EVO through 23.4R2-S1-EVO
Junos OS Evolved versions: 24.2R1-EVO through 24.2R1-S2-EVO, 24.2R2-EVO

 

CVE-2025-21599

Junos OS Evolved versions: 22.4R3-EVO through 22.4R3-S5-EVO
Junos OS Evolved versions: 23.2R2-EVO through 23.2R2-S2-EVO
Junos OS Evolved versions: 23.4R1-EVO through 23.4R2-S1-EVO
Junos OS Evolved versions: 24.2R1-EVO through 24.2R1-S2-EVO, 24.2R2-EVO

 

Resolved Vulnerabilities

Out-of-bounds read vulnerability (CVE-2025-21598)
Missing Memory Release Vulnerability (CVE-2025-21599)

 

Vulnerability Patches

Patches for these vulnerabilities are available in the latest updates. Follow the instructions on the referenced sites to update to the latest patched version.

CVE-2025-21598

Junos OS versions: 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.3R3-S4, 22.4R3-S5, 23.2R2-S2, 23.4R2-S1, 24.2R1-S1, 24.2R2, 24.4R1, and later
Junos OS Evolved versions: 21.4R3-S9-EVO, 22.2R3-S5-EVO, 22.3R3-S4-EVO, 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S1-EVO, 24.2R1-S2-EVO, 24.2R2-EVO, 24.4R1-EVO, and later

 

CVE-2025-21599

Junos OS Evolved versions: 22.4R3-S5-EVO, 23.2R2-S2-EVO, 23.4R2-S2-EVO, 24.2R1-S2-EVO, 24.2R2-EVO*, 24.4R1-EVO, and later

 

References

[1] 2025-01 Security Bulletin: Junos OS and Junos OS Evolved: When BGP traceoptions are configured, receipt of malformed BGP packets causes RPD to crash (CVE-2025-21598)
https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-BGP-traceoptions-are-configured-receipt-of-malformed-BGP-packets-causes-RPD-to-crash-CVE-2025-21598?language=en_US
[2] 2025-01 Security Bulletin: Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service (CVE-2025-21599)
https://supportportal.juniper.net/s/article/2025-01-Security-Bulletin-Junos-OS-Evolved-Receipt-of-specifically-malformed-IPv6-packets-causes-kernel-memory-exhaustion-leading-to-Denial-of-Service-CVE-2025-21599?language=en_US