CVE-2025-60007 — MEDIUM (5.5)

Q: How severe is CVE-2025-60007?

CVE-2025-60007 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-60007?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2300, Juniper Ex2300-C, Juniper Ex3400, Juniper Ex4000.

Vulnerability Description

A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS). When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from. This issue affects: Junos OS on MX, SRX and EX Series, except MX10000 Series and MX304: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S5, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Juniper	Junos	< 22.4
Juniper	Ex2300	-
Juniper	Ex2300-C	-
Juniper	Ex3400	-
Juniper	Ex4000	-
Juniper	Ex4100	-
Juniper	Ex4100-F	-
Juniper	Ex4100-H	-
Juniper	Ex4300	-
Juniper	Ex4400	-
Juniper	Ex4600	-
Juniper	Ex4650	-
Juniper	Ex9204	-
Juniper	Ex9208	-
Juniper	Ex9214	-
Juniper	Mx10004	-
Juniper	Mx10008	-
Juniper	Mx2008	-
Juniper	Mx2010	-
Juniper	Mx2020	-

Related Weaknesses (CWE)

CWE-476

References

https://kb.juniper.net/JSA103173Vendor Advisory
https://supportportal.juniper.net/Vendor Advisory

FAQ

What is CVE-2025-60007?

CVE-2025-60007 is a vulnerability with a CVSS score of 5.5 (MEDIUM). A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service...

How severe is CVE-2025-60007?

CVE-2025-60007 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-60007?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ex2300, Juniper Ex2300-C, Juniper Ex3400, Juniper Ex4000.