Cyber Resilience

CVE-2025-30645

High

Published: 09 April 2025

Published
09 April 2025
Modified
26 January 2026
KEV Added
Patch
CVSS Score v4 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:C/RE:M/U:Green
EPSS Score 0.0040 60.9th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-30645 is a high-severity NULL Pointer Dereference (CWE-476) vulnerability in Juniper Junos. Its CVSS base score is 8.7 (High).

Operationally, ranked in the top 39.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd…

more

process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition. On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts. This issue affects Junos OS on SRX Series: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.4 before 22.4R3-S6, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

juniper
junos
21.2, 21.4, 22.2, 22.4, 23.2 · ≤ 21.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References