Security Alert (A25-10-10): Multiple Vulnerabilities in Juniper Networks Products

Description:

Juniper Networks has published security advisories to address multiple vulnerabilities in Junos OS and Junos OS Evolved. For detailed information about the vulnerabilities, please refer to the corresponding security advisories at vendor's website.

Affected Systems:

• Juniper Networks Junos OS
• Juniper Networks Junos OS Evolved

For detailed information of the affected systems, please refer to the corresponding security advisory at vendor's website.

Impact:

Successful exploitation of the vulnerabilities could lead to remote code execution, elevation of privilege, information disclosure, denial of service or security restriction bypass on an affected system.

Recommendation:

Patches for affected systems are now available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

More Information:

• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Device-allows-login-for-user-with-expired-password-CVE-2025-60010
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Specific-BGP-EVPN-update-message-causes-rpd-crash-CVE-2025-60004
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-BGP-sharding-enabled-change-in-indirect-next-hop-can-cause-RPD-crash-CVE-2025-59962
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-ACX7024-ACX7024X-ACX7100-32C-ACX7100-48L-ACX7348-ACX7509-When-specific-valid-multicast-traffic-is-received-on-the-L3-interface-a-vulnerable-device-evo-pfemand-crashes-and-restarts-CVE-2025-59967
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-Multiple-OS-command-injection-vulnerabilities-fixed-CVE-2025-60006
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-except-PTX10003-An-unauthenticated-adjacent-attacker-sending-specific-valid-traffic-can-cause-a-memory-leak-in-cfmman-leading-to-FPC-crash-and-restart-CVE-2025-52961
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-Evolved-PTX-Series-When-firewall-filter-rejects-traffic-these-packets-are-erroneously-sent-to-the-RE-CVE-2025-59958
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-EX4600-Series-and-QFX5000-Series-An-attacker-with-physical-access-can-open-a-persistent-backdoor-CVE-2025-59957
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX4700-When-forwarding-options-sampling-is-enabled-any-traffic-destined-to-the-RE-will-cause-the-forwarding-line-card-to-crash-and-restart-CVE-2025-59964
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-SRX-Series-and-MX-Series-Receipt-of-specific-SIP-packets-in-a-high-utilization-situation-causes-a-flowd-crash-CVE-2025-52960
• https://supportportal.juniper.net/s/article/2025-10-Security-Bulletin-Junos-OS-When-a-user-with-the-name-ftp-or-anonymous-is-configured-unauthenticated-filesystem-access-is-allowed-CVE-2025-59980
• https://www.hkcert.org/security-bulletin/juniper-junos-os-multiple-vulnerabilities_20251010
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52960 (to CVE-2025-52961)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59957 (to CVE-2025-59958)
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59962
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59964
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59967
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59980
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60004
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60006
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-60010