CVE Alert: CVE-2025-60004 – Juniper Networks – Junos OS
CVE-2025-60004
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When an affected system receives a specific BGP EVPN update message over an established BGP session, this causes an rpd crash and restart. A BGP EVPN configuration is not necessary to be vulnerable. If peers are not configured to send BGP EVPN updates to a vulnerable device, then this issue can't occur. This issue affects iBGP and eBGP, over IPv4 and IPv6.
This issue affects Junos OS:
- 23.4 versions from 23.4R2-S3 before 23.4R2-S5,
- 24.2 versions from 24.2R2 before 24.2R2-S1,
- 24.4 versions before 24.4R1-S3, 24.4R2;
and Junos OS Evolved:
- 23.4-EVO versions from 23.4R2-S2-EVO before 23.4R2-S5-EVO,
- 24.2-EVO versions from 24.2R2-EVO before 24.2R2-S1-EVO,
- 24.4-EVO versions before 24.4R1-S3-EVO, 24.4R2-EVO.
AI Summary Analysis
Risk verdict
High risk of a DoS in affected Junos OS deployments due to unauthenticated BGP EVPN updates; no active exploitation reported, but rapid patching is advised.
Why this matters
The vulnerability destabilises the routing plane by crashing the rpd process when a specific EVPN update is received, causing device reboot and potential routing outages. In large networks or service-provider environments, repeated restarts can disrupt inter-site connectivity, impact SLAs, and degrade customer experience. Patch adoption is straightforward but requires coordinated change windows across affected devices.
Most likely attack path
An attacker with network reach to an affected device can send a crafted BGP EVPN update over an existing BGP session, triggering rpd failure without needing any privileges or user interaction. The issue is reachable over the network, low in complexity, and requires only an established iBGP or eBGP session; exploitation is feasible even without EVPN configuration in some cases. If EVPN updates are not used, exposure is minimised.
Who is most exposed
Organisations running Junos OS or Junos OS Evolved with active BGP EVPN adjacency (especially in data-centre interconnects or provider networks) are most at risk. Those with peering to external or untrusted peers should prioritise monitoring and patching.
Detection ideas
- rpd crash and restart events in system logs
- BGP session flaps correlated with EVPN update bursts
- Sudden CPU/memory spikes on routing engines
- Unusual or malformed BGP EVPN update messages
- Telemetry alerts indicating repeated rpd restarts or outages
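A small detector for the first two signals above (repeated rpd restarts and BGP session changes around them), added here as an example that is not part of this alert or of Juniper's tooling. The log lines are constructed in a Junos-like syslog layout and the message wording is assumed for illustration; adapt the patterns to the formats your devices actually emit.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in a Junos-like syslog style (timestamp host message).
# Message wording is assumed for illustration, not captured from a real device.
SAMPLE_LOG = """\
2025-09-10T10:00:01 r1 rpd[2011]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer 192.0.2.9 (External AS 64500) changed state from OpenConfirm to Established (event RecvKeepAlive)
2025-09-10T10:00:05 r1 init: routing (PID 2011) terminated by signal number 11. Core dumped!
2025-09-10T10:00:09 r1 rpd[2150]: RPD_BGP_NEIGHBOR_STATE_CHANGED: BGP peer 192.0.2.9 (External AS 64500) changed state from OpenConfirm to Established (event RecvKeepAlive)
2025-09-10T10:00:14 r1 init: routing (PID 2150) terminated by signal number 11. Core dumped!
2025-09-10T10:04:00 r2 init: routing (PID 7001) terminated by signal number 11. Core dumped!
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")
CRASH_RE = re.compile(r"routing \(PID \d+\) terminated by signal number (\d+)")
BGP_RE = re.compile(r"BGP peer (\S+) .*changed state from (\w+) to (\w+)")

def parse_events(log_text):
    # Returns (timestamp, host, kind, detail) for rpd crashes and BGP state changes.
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, host, msg = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        if crash := CRASH_RE.search(msg):
            events.append((ts, host, "rpd_crash", "signal " + crash.group(1)))
        elif bgp := BGP_RE.search(msg):
            events.append((ts, host, "bgp_state", bgp.group(1)))
    return events

def detect_rpd_instability(log_text, window=timedelta(minutes=5), threshold=2):
    """Flag hosts with >= threshold rpd crashes inside one window, plus peers whose
    BGP state changed near those crashes (session flaps riding on the restarts)."""
    events = parse_events(log_text)
    findings = {}
    for host in sorted({e[1] for e in events}):
        crashes = sorted(e[0] for e in events if e[1] == host and e[2] == "rpd_crash")
        worst, j = 0, 0
        for i, t in enumerate(crashes):          # sliding window over crash times
            while crashes[j] < t - window:
                j += 1
            worst = max(worst, i - j + 1)
        if worst < threshold:
            continue
        lo, hi = crashes[0] - window, crashes[-1] + window
        peers = sorted({e[3] for e in events
                        if e[1] == host and e[2] == "bgp_state" and lo <= e[0] <= hi})
        findings[host] = {"crashes": len(crashes), "max_in_window": worst, "flapping_peers": peers}
    return findings
```

A single rpd restart is normal operational noise; the threshold and window are what turn this into an alert for the repeated-restart pattern the advisory describes.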
Mitigation and prioritisation
- Apply vendor-released patches: update to the fixed Junos OS and Junos OS Evolved releases listed in the description above as soon as feasible.
- If patching is slow, restrict BGP EVPN updates to trusted peers, or filter EVPN updates where possible; enable strict peer authentication and monitoring.
- Validate configuration and perform staged rollouts; test in a lab environment prior to production.
- Review change-management plans; coordinate with networking teams to minimise outage windows.