CVE-2025-59958 (GCVE-0-2025-59958)

Vulnerability from cvelistv5 – Published: 2025-10-09 15:44 – Updated: 2025-10-09 19:05
VLAI?
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability. When an output firewall filter is configured with one or more terms where the action is 'reject', packets matching these terms are erroneously sent to the Routing Engine (RE) and further processed there. Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device. This issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters. This issue affects Junos OS Evolved on PTX Series: * all versions before 22.4R3-EVO, * 23.2 versions before 23.2R2-EVO.
Severity ?
6.5 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
6.9 (Medium)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/RE:M
CWE
  • CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Evolved Affected: 0 , < 22.4R3-EVO (semver)
Affected: 23.2 , < 23.2R2-EVO (semver)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59958",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-09T19:05:24.406953Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-09T19:05:31.001Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "PTX Series"
          ],
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "22.4R3-EVO",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "23.2R2-EVO",
              "status": "affected",
              "version": "23.2",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To be affected by this issue a configuration like the following needs to be present:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[\u0026nbsp;firewall family \u0026lt;family\u0026gt; filter \u0026lt;filter\u0026gt;\u0026nbsp;term \u0026lt;term\u0026gt;\u0026nbsp;then reject ]\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[ interfaces \u0026lt;interface\u0026gt; unit \u0026lt;unit\u0026gt; \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efamily \u0026lt;family\u0026gt;\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003efilter \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eoutput \u0026lt;filter\u0026gt; ]\u003c/span\u003e\u003cbr\u003e\n\n\u003c/tt\u003e"
            }
          ],
          "value": "To be affected by this issue a configuration like the following needs to be present:\n\n[\u00a0firewall family \u003cfamily\u003e filter \u003cfilter\u003e\u00a0term \u003cterm\u003e\u00a0then reject ]\n\n\n[ interfaces \u003cinterface\u003e unit \u003cunit\u003e family \u003cfamily\u003e\u00a0filter output \u003cfilter\u003e ]"
        }
      ],
      "datePublic": "2025-10-08T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.\u003cbr\u003e\u003cbr\u003eWhen \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ean output firewall filter is configured with one or more\u0026nbsp;\u003c/span\u003eterms where the action is \u0027reject\u0027, packets matching these terms are\u0026nbsp;erroneously sent to the Routing Engine (RE) and further processed there.\u0026nbsp;Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.\u003cbr\u003eThis issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS Evolved on PTX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
            }
          ],
          "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.\n\nWhen an output firewall filter is configured with one or more\u00a0terms where the action is \u0027reject\u0027, packets matching these terms are\u00a0erroneously sent to the Routing Engine (RE) and further processed there.\u00a0Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.\nThis issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters.\n\nThis issue affects Junos OS Evolved on PTX Series:\n\n\n\n  *  all versions before 22.4R3-EVO,\n  *  23.2 versions before 23.2R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 6.9,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/RE:M",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "MODERATE"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-754",
              "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-09T15:44:33.938Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA103147"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA103147",
        "defect": [
          "1734892"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS Evolved: PTX Series: When a firewall filter rejects traffic these packets are erroneously sent to the RE",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "To avoid this issue remove the affected \u003ctt\u003ereject\u003c/tt\u003e action from the respective term(s) and replace it with \u003ctt\u003ediscard\u003c/tt\u003e, or add \u003ctt\u003elog \u003c/tt\u003eor \u003ctt\u003esyslog \u003c/tt\u003eactions."
            }
          ],
          "value": "To avoid this issue remove the affected reject action from the respective term(s) and replace it with discard, or add log or syslog actions."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2025-59958",
    "datePublished": "2025-10-09T15:44:33.938Z",
    "dateReserved": "2025-09-23T18:19:06.954Z",
    "dateUpdated": "2025-10-09T19:05:31.001Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-59958\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2025-10-09T16:15:45.950\",\"lastModified\":\"2025-10-14T19:37:28.107\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.\\n\\nWhen an output firewall filter is configured with one or more\u00a0terms where the action is \u0027reject\u0027, packets matching these terms are\u00a0erroneously sent to the Routing Engine (RE) and further processed there.\u00a0Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.\\nThis issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters.\\n\\nThis issue affects Junos OS Evolved on PTX Series:\\n\\n\\n\\n  *  all versions before 22.4R3-EVO,\\n  *  23.2 versions before 23.2R2-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:X\",\"baseScore\":6.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"LOW\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"LOW\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"MODERATE\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA103147\",\"source\":\"sirt@juniper.net\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59958\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-09T19:05:24.406953Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-10-09T19:05:28.069Z\"}}], \"cna\": {\"title\": \"Junos OS Evolved: PTX Series: When a firewall filter rejects traffic these packets are erroneously sent to the RE\", \"source\": {\"defect\": [\"1734892\"], \"advisory\": \"JSA103147\", \"discovery\": \"USER\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 6.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/RE:M\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"vulnConfidentialityImpact\": \"LOW\", \"vulnerabilityResponseEffort\": \"MODERATE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Juniper Networks\", \"product\": \"Junos OS Evolved\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"22.4R3-EVO\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"23.2\", \"lessThan\": \"23.2R2-EVO\", \"versionType\": \"semver\"}], \"platforms\": [\"PTX Series\"], \"defaultStatus\": \"unaffected\"}], \"exploits\": [{\"lang\": \"en\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e\", \"base64\": false}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"The following software releases have been updated to resolve this specific issue: 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eThe following software releases have been updated to resolve this specific issue: 22.4R3-EVO, 23.2R2-EVO, 23.4R1-EVO, and all subsequent releases.\u003c/p\u003e\", \"base64\": false}]}], \"datePublic\": \"2025-10-08T16:00:00.000Z\", \"references\": [{\"url\": \"https://supportportal.juniper.net/JSA103147\", \"tags\": [\"vendor-advisory\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"To avoid this issue remove the affected reject action from the respective term(s) and replace it with discard, or add log or syslog actions.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"To avoid this issue remove the affected \u003ctt\u003ereject\u003c/tt\u003e action from the respective term(s) and replace it with \u003ctt\u003ediscard\u003c/tt\u003e, or add \u003ctt\u003elog \u003c/tt\u003eor \u003ctt\u003esyslog \u003c/tt\u003eactions.\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-av217\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.\\n\\nWhen an output firewall filter is configured with one or more\\u00a0terms where the action is \u0027reject\u0027, packets matching these terms are\\u00a0erroneously sent to the Routing Engine (RE) and further processed there.\\u00a0Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.\\nThis issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters.\\n\\nThis issue affects Junos OS Evolved on PTX Series:\\n\\n\\n\\n  *  all versions before 22.4R3-EVO,\\n  *  23.2 versions before 23.2R2-EVO.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability.\u003cbr\u003e\u003cbr\u003eWhen \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003ean output firewall filter is configured with one or more\u0026nbsp;\u003c/span\u003eterms where the action is \u0027reject\u0027, packets matching these terms are\u0026nbsp;erroneously sent to the Routing Engine (RE) and further processed there.\u0026nbsp;Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device.\u003cbr\u003eThis issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS Evolved on PTX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-754\", \"description\": \"CWE-754 Improper Check for Unusual or Exceptional Conditions\"}]}], \"configurations\": [{\"lang\": \"en\", \"value\": \"To be affected by this issue a configuration like the following needs to be present:\\n\\n[\\u00a0firewall family \u003cfamily\u003e filter \u003cfilter\u003e\\u00a0term \u003cterm\u003e\\u00a0then reject ]\\n\\n\\n[ interfaces \u003cinterface\u003e unit \u003cunit\u003e family \u003cfamily\u003e\\u00a0filter output \u003cfilter\u003e ]\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"To be affected by this issue a configuration like the following needs to be present:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[\u0026nbsp;firewall family \u0026lt;family\u0026gt; filter \u0026lt;filter\u0026gt;\u0026nbsp;term \u0026lt;term\u0026gt;\u0026nbsp;then reject ]\u003cbr\u003e\\n\\n\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e[ interfaces \u0026lt;interface\u0026gt; unit \u0026lt;unit\u0026gt; \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003efamily \u0026lt;family\u0026gt;\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003efilter \u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eoutput \u0026lt;filter\u0026gt; ]\u003c/span\u003e\u003cbr\u003e\\n\\n\u003c/tt\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2025-10-09T15:44:33.938Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-59958\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-09T19:05:31.001Z\", \"dateReserved\": \"2025-09-23T18:19:06.954Z\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"datePublished\": \"2025-10-09T15:44:33.938Z\", \"assignerShortName\": \"juniper\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.