CVE-2025-21599
Published: 09 January 2025
Summary
CVE-2025-21599 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability in Juniper Junos Os Evolved. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 43.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-5 (Denial-of-service Protection) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses the CVE by requiring timely identification, testing, and deployment of patches to remediate the memory leak flaw in the Juniper Tunnel Driver.
Protects against denial-of-service attacks by limiting effects of resource exhaustion from continuous malformed IPv6 packets causing kernel memory leaks.
Enforces boundary protection to monitor and control inbound IPv6 traffic, potentially filtering or rate-limiting malformed packets before they reach the vulnerable tunnel driver.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Malformed IPv6 packet handling in public-facing network device driver directly enables remote unauthenticated exploitation (T1190) leading to sustained network DoS via memory exhaustion (T1498).
NVD Description
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service. Receipt of specifically malformed IPv6 packets, destined to the…
more
device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS). Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition. This issue only affects systems configured with IPv6. This issue affects Junos OS Evolved: * from 22.4-EVO before 22.4R3-S5-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-S2-EVO, * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 22.4R1-EVO.
Deeper analysisAI
CVE-2025-21599 is a Missing Release of Memory after Effective Lifetime vulnerability (CWE-401) in the Juniper Tunnel Driver (jtd) component of Juniper Networks Junos OS Evolved. It affects systems configured with IPv6 support running versions from 22.4-EVO before 22.4R3-S5-EVO, 23.2-EVO before 23.2R2-S2-EVO, 23.4-EVO before 23.4R2-S2-EVO, 24.2-EVO before 24.2R1-S2-EVO and 24.2R2-EVO. Versions of Junos OS Evolved prior to 22.4R1-EVO are not affected. The vulnerability has a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
An unauthenticated network-based attacker can exploit this vulnerability by sending specifically malformed IPv6 packets destined to the device. Receipt and processing of these packets prevents kernel memory from being freed after its effective lifetime, resulting in progressive memory exhaustion. This leads to a system crash and Denial of Service (DoS), with continuous packet transmission sustaining the DoS condition.
Mitigation details, including available patches and precise affected configurations, are provided in the Juniper Networks security advisory JSA92869 at https://supportportal.juniper.net/JSA92869.
Details
- CWE(s)