Vulnerabilities ›

CVE-2025-59969

Medium

CWE-120 — Weakness Type

                    Published: Apr 9, 2026                      ·  Modified: Apr 12, 2026                      ·  Source: NVD                

CVSS v3

6.5

🔗 NVD Official

📄 Description (English)

A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in the advanced forwarding toolkit (evo-aftmand/evo-pfemand) of Juniper Networks Junos OS Evolved on PTX Series or QFX5000 Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).An attacker sending crafted multicast packets will cause line cards running evo-aftmand/evo-pfemand to crash and restart or non-line card devices to crash and restart. Continued receipt and processing of these packets will sustain the Denial of Service (DoS) condition.

This issue affects Junos OS Evolved PTX Series:

* All versions before 22.4R3-S8-EVO,
* from 23.2 before 23.2R2-S5-EVO,
* from 23.4 before 23.4R2-EVO,
* from 24.2 before 24.2R2-EVO,
* from 24.4 before 24.4R2-EVO.

This issue affects Junos OS Evolved on QFX5000 Series:

* 22.2-EVO version before 22.2R3-S7-EVO,
* 22.4-EVO version before 22.4R3-S7-EVO,
* 23.2-EVO versions before 23.2R2-S4-EVO,
* 23.4-EVO versions before 23.4R2-S5-EVO,
* 24.2-EVO versions before 24.2R2-S1-EVO,
* 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.

This issue does not affect Junos OS Evolved on QFX5000 Series versions before: 21.2R2-S1-EVO, 21.2R3-EVO, 21.3R2-EVO, 21.4R1-EVO, and 22.1R1-EVO.

🤖 AI Executive Summary

CVE-2025-59969 is a buffer overflow vulnerability in Juniper Networks Junos OS Evolved affecting PTX and QFX5000 series devices. An unauthenticated adjacent attacker can trigger a Denial of Service by sending crafted multicast packets, causing line cards or devices to crash and restart repeatedly. While currently no public exploit exists, the vulnerability requires only network adjacency and can sustain DoS conditions through continued packet transmission.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 11, 2026 07:37

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi telecommunications infrastructure, particularly STC and other telecom operators utilizing Juniper PTX/QFX5000 devices for core routing and switching. Energy sector organizations (ARAMCO, power utilities) relying on these devices for SCADA/industrial network connectivity face operational disruption risks. Government entities and financial institutions (SAMA-regulated banks) using Juniper infrastructure for critical network backbone could experience service interruptions. The adjacent-network requirement limits exposure but remains critical for organizations with untrusted network segments or multi-tenant environments.

🏢 Affected Saudi Sectors

Telecommunications (STC, Mobily, Zain) Energy (ARAMCO, power utilities, water authorities) Banking and Financial Services (SAMA-regulated institutions) Government and Public Administration Healthcare (Ministry of Health) Large Enterprise Networks

🎯 MITRE ATT&CK Techniques

T1499 - Endpoint Denial of Service T1499.004 - Application Exhaustion Flood T1190 - Exploit Public-Facing Application T1657 - Financial Theft

⚖️ Saudi Risk Score (AI)

7.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Identify all Juniper PTX and QFX5000 Series devices running affected Junos OS Evolved versions in your environment

2. Implement network segmentation to restrict multicast traffic from untrusted adjacent networks

3. Enable multicast rate limiting and ingress filtering on affected devices

4. Monitor device CPU, memory, and restart logs for anomalous behavior

PATCHING GUIDANCE:

1. For PTX Series: Upgrade to 22.4R3-S8-EVO or later, 23.2R2-S5-EVO or later, 23.4R2-EVO or later, 24.2R2-EVO or later, or 24.4R2-EVO or later

2. For QFX5000 Series: Upgrade to 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S5-EVO, 24.2R2-S1-EVO, 24.4R1-S3-EVO, or 24.4R2-EVO

3. Schedule maintenance windows for device upgrades with minimal business impact

4. Test patches in lab environment before production deployment

COMPENSATING CONTROLS (if patching delayed):

1. Implement strict ACLs to block multicast traffic from untrusted sources

2. Configure multicast group filtering to allow only required groups

3. Deploy network-based DoS mitigation (traffic scrubbing)

4. Establish automated alerting for device restarts and high CPU utilization

5. Maintain hot-standby devices for rapid failover

DETECTION RULES:

1. Monitor for unexpected device restarts or line card failures

2. Alert on sustained high CPU utilization on evo-aftmand/evo-pfemand processes

3. Track multicast packet anomalies (unusual source IPs, malformed packets)

4. Log and analyze device crash dumps for buffer overflow signatures

5. Implement NetFlow/sFlow monitoring for multicast traffic pattern analysis

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. تحديد جميع أجهزة Juniper PTX و QFX5000 Series التي تعمل بإصدارات Junos OS Evolved المتأثرة في بيئتك

2. تنفيذ تقسيم الشبكة لتقييد حركة البث المتعدد من الشبكات المجاورة غير الموثوقة

3. تفعيل تحديد معدل البث المتعدد وتصفية الدخول على الأجهزة المتأثرة

4. مراقبة سجلات CPU والذاكرة وإعادة التشغيل للأجهزة للكشف عن السلوك الشاذ

إرشادات التصحيح:

1. لسلسلة PTX: الترقية إلى 22.4R3-S8-EVO أو أحدث، 23.2R2-S5-EVO أو أحدث، 23.4R2-EVO أو أحدث، 24.2R2-EVO أو أحدث، أو 24.4R2-EVO أو أحدث

2. لسلسلة QFX5000: الترقية إلى 22.2R3-S7-EVO أو 22.4R3-S7-EVO أو 23.2R2-S4-EVO أو 23.4R2-S5-EVO أو 24.2R2-S1-EVO أو 24.4R1-S3-EVO أو 24.4R2-EVO

3. جدولة نوافذ الصيانة لترقية الأجهزة بأقل تأثير على الأعمال

4. اختبار التصحيحات في بيئة المختبر قبل نشرها في الإنتاج

الضوابط البديلة (إذا تأخر التصحيح):

1. تنفيذ قوائم التحكم في الوصول الصارمة لحظر حركة البث المتعدد من المصادر غير الموثوقة

2. تكوين تصفية مجموعات البث المتعدد للسماح فقط بالمجموعات المطلوبة

3. نشر تخفيف رفض الخدمة القائم على الشبكة (تنظيف حركة المرور)

4. إنشاء تنبيهات آلية لإعادة تشغيل الأجهزة واستخدام CPU العالي

5. الحفاظ على أجهزة احتياطية نشطة للفشل السريع

قواعد الكشف:

1. مراقبة إعادة تشغيل الأجهزة غير المتوقعة أو فشل بطاقات الخطوط

2. التنبيه على استخدام CPU المرتفع المستمر على عمليات evo-aftmand/evo-pfemand

3. تتبع شذوذ حزم البث المتعدد (عناوين IP مصدر غير عادية، حزم مشوهة)

4. تسجيل وتحليل تفريغات تعطل الأجهزة للتوقيعات المتعلقة بتجاوز المخزن المؤقت

5. تنفيذ مراقبة NetFlow/sFlow لتحليل أنماط حركة البث المتعدد

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

ECC 2024 A.12.6.1 - Management of technical vulnerabilities ECC 2024 A.12.2.1 - Monitoring and testing of information systems ECC 2024 A.14.2.1 - Change management procedures

🔵 SAMA CSF

SAMA CSF ID.BE-5 - Organizational resilience objectives SAMA CSF PR.IP-12 - Information and records management SAMA CSF DE.CM-1 - The network is monitored for unauthorized connections

🟡 ISO 27001:2022

ISO 27001:2022 A.12.2.1 - Change management ISO 27001:2022 A.12.6.1 - Management of technical vulnerabilities ISO 27001:2022 A.8.1.3 - Segregation of duties

🟣 PCI DSS v4.0.1

PCI DSS 6.2 - Security patches must be installed within defined timeframe PCI DSS 11.2.2 - Vulnerability scanning and remediation

🔗 References & Sources 1

🔗

https://kb.juniper.net/JSA103159

sirt@juniper.net

📊 CVSS Score

6.5

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack VectorA — Adjacent

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityH — High

📋 Quick Facts

Severity Medium

CVSS Score6.5

CWECWE-120

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-04-09

Source Feed nvd

🇸🇦 Saudi Risk Score

7.2

/ 10.0 — Saudi Risk

Priority: HIGH

🏷️ Tags

CWE-120

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2025-59969

Introduce Yourself

Sign In Required