CVE-2025-30657: Junos OS: Processing of a specific BGP update causes the SRRD process to crash

5.3 CVSS

Description

An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it's sent to SRRD it's encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.
This issue affects Junos OS:

* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R1-S2, 23.2R2.

This issue does not affected Junos OS Evolved.

Classification

CVE ID: CVE-2025-30657

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem Types

CWE-116 Improper Encoding or Escaping of Output

Affected Products

Vendor: Juniper Networks

Product: Junos OS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 15.88% (scored less or equal to compared to others)

EPSS Date: 2025-04-21 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: true

References

https://nvd.nist.gov/vuln/detail/CVE-2025-30657
https://supportportal.juniper.net/JSA96467

Timeline

2025-04-09 16:00:32 UTC
Juniper Security Advisories

2025-04 Security Bulletin: Junos OS: Processing of a specific BGP update causes the SRRD process to crash (CVE-2025-30657)
2025-04-09 21:40:10 UTC
CVE

Junos OS: Processing of a specific BGP update causes the SRRD process to crash