216.73.217.145

CVE-2025-52961

· Published 09/10/2025 16:15 · Modified 09/10/2025 16:15

Labels: CVE-2025-52961 2025-10-09CVE-2025-52961CWE-400[email protected]

Essential information

Published
09/10/2025 16:15
Modified
09/10/2025 16:15
Author
Creator
CVSS
7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

An Uncontrolled Resource Consumption vulnerability in the Connectivity Fault Management (CFM) daemon and the Connectivity Fault Management Manager (cfmman) of Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS). An attacker on an adjacent device sending specific valid traffic can cause cfmd to spike the CPU to 100% and cfmman's memory to leak, eventually to cause the FPC crash and restart. Continued receipt and processes of these specific valid packets will sustain the Denial of Service (DoS) condition. An indicator of compromise is to watch for an increase in cfmman memory rising over time by issuing the following command and evaluating the RSS number. If the RSS is growing into GBs then consider restarting the device to temporarily clear memory.   user@device> show system processes node fpc<num> detail | match cfmman Example:    show system processes node fpc0 detail | match cfmman    F S UID       PID       PPID PGID   SID   C PRI NI  ADDR SZ    WCHAN   RSS     PSR STIME TTY         TIME     CMD   4 S root      15204     1    15204  15204 0 80  0   - 90802     -      113652   4  Sep25 ?           00:15:28 /usr/bin/cfmman -p /var/pfe -o -c /usr/conf/cfmman-cfg-active.xml This issue affects Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016: * from 23.2R1-EVO before 23.2R2-S4-EVO, * from 23.4 before 23.4R2-S4-EVO, * from 24.2 before 24.2R2-EVO, * from 24.4 before 24.4R1-S2-EVO, 24.4R2-EVO. This issue does not affect Junos OS Evolved on PTX10001-36MR, PTX10002-36QDD, PTX10004, PTX10008, PTX10016 before 23.2R1-EVO.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
juniper / junose cpe:2.3:a:juniper:junose:-:23.2R1-EVO:<23.2R2-S4-EVO:*:*:*:*:*:*
juniper / junose cpe:2.3:a:juniper:junose:-:23.4:<23.4R2-S4-EVO:*:*:*:*:*:*
juniper / junose cpe:2.3:a:juniper:junose:-:24.2:<24.2R2-EVO:*:*:*:*:*:*
juniper / junose cpe:2.3:a:juniper:junose:-:24.4:<24.4R1-S2-EVO:*:*:*:*:*:*

References