CVE-2025-30644 — HIGH (7.5)

Q: How severe is CVE-2025-30644?

CVE-2025-30644 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-30644?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2300, Juniper Ex3400, Juniper Ex4100, Juniper Ex4300.

Vulnerability Description

A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Under a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component. This issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R2.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 21.4
Juniper	Ex2300	-
Juniper	Ex3400	-
Juniper	Ex4100	-
Juniper	Ex4300	-
Juniper	Ex4300Mp	-
Juniper	Ex4400	-
Juniper	Ex4600	-
Juniper	Ex4650-48Y	-
Juniper	Qfx5110	-
Juniper	Qfx5120	-
Juniper	Qfx5130	-
Juniper	Qfx5200	-
Juniper	Qfx5210	-
Juniper	Qfx5220	-
Juniper	Qfx5230-64Cd	-
Juniper	Qfx5240	-
Juniper	Qfx5241	-
Juniper	Qfx5700	-

Related Weaknesses (CWE)

CWE-122

References

https://supportportal.juniper.net/JSA96453Vendor Advisory

FAQ

What is CVE-2025-30644?

CVE-2025-30644 is a vulnerability with a CVSS score of 7.5 (HIGH). A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series...

How severe is CVE-2025-30644?

CVE-2025-30644 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-30644?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2300, Juniper Ex3400, Juniper Ex4100, Juniper Ex4300.