The SentinelOne Annual Threat Report - A Defenders Guide from the FrontlinesThe SentinelOne Annual Threat ReportGet the Report
Experiencing a Breach?Blog
Get StartedContact Us
SentinelOne
  • Platform
    Platform Overview
    • Singularity Platform
      Welcome to Integrated Enterprise Security
    • AI for Security
      Leading the Way in AI-Powered Security Solutions
    • Securing AI
      Accelerate AI Adoption with Secure AI Tools, Apps, and Agents.
    • How It Works
      The Singularity XDR Difference
    • Singularity Marketplace
      One-Click Integrations to Unlock the Power of XDR
    • Pricing & Packaging
      Comparisons and Guidance at a Glance
    Data & AI
    • Purple AI
      Accelerate SecOps with Generative AI
    • Singularity Hyperautomation
      Easily Automate Security Processes
    • AI-SIEM
      The AI SIEM for the Autonomous SOC
    • AI Data Pipelines
      Security Data Pipeline for AI SIEM and Data Optimization
    • Singularity Data Lake
      AI-Powered, Unified Data Lake
    • Singularity Data Lake for Log Analytics
      Seamlessly Ingest Data from On-Prem, Cloud or Hybrid Environments
    Endpoint Security
    • Singularity Endpoint
      Autonomous Prevention, Detection, and Response
    • Singularity XDR
      Native & Open Protection, Detection, and Response
    • Singularity RemoteOps Forensics
      Orchestrate Forensics at Scale
    • Singularity Threat Intelligence
      Comprehensive Adversary Intelligence
    • Singularity Vulnerability Management
      Application & OS Vulnerability Management
    • Singularity Identity
      Identity Threat Detection and Response
    Cloud Security
    • Singularity Cloud Security
      Block Attacks with an AI-Powered CNAPP
    • Singularity Cloud Native Security
      Secure Cloud and Development Resources
    • Singularity Cloud Workload Security
      Real-Time Cloud Workload Protection Platform
    • Singularity Cloud Data Security
      AI-Powered Threat Detection for Cloud Storage
    • Singularity Cloud Security Posture Management
      Detect and Remediate Cloud Misconfigurations
    Securing AI
    • Prompt Security
      Secure AI Tools Across Your Enterprise
  • Why SentinelOne?
    Why SentinelOne?
    • Why SentinelOne?
      Cybersecurity Built for What’s Next
    • Our Customers
      Trusted by the World’s Leading Enterprises
    • Industry Recognition
      Tested and Proven by the Experts
    • About Us
      The Industry Leader in Autonomous Cybersecurity
    Compare SentinelOne
    • Arctic Wolf
    • Broadcom
    • CrowdStrike
    • Cybereason
    • Microsoft
    • Palo Alto Networks
    • Sophos
    • Splunk
    • Trellix
    • Trend Micro
    • Wiz
    Verticals
    • Energy
    • Federal Government
    • Finance
    • Healthcare
    • Higher Education
    • K-12 Education
    • Manufacturing
    • Retail
    • State and Local Government
  • Services
    Managed Services
    • Managed Services Overview
      Wayfinder Threat Detection & Response
    • Threat Hunting
      World-Class Expertise and Threat Intelligence
    • Managed Detection & Response
      24/7/365 Expert MDR Across Your Entire Environment
    • Incident Readiness & Response
      DFIR, Breach Readiness, & Compromise Assessments
    Support, Deployment, & Health
    • Technical Account Management
      Customer Success with Personalized Service
    • SentinelOne GO
      Guided Onboarding & Deployment Advisory
    • SentinelOne University
      Live and On-Demand Training
    • Services Overview
      Comprehensive Solutions for Seamless Security Operations
    • SentinelOne Community
      Community Login
  • Partners
    Our Network
    • MSSP Partners
      Succeed Faster with SentinelOne
    • Singularity Marketplace
      Extend the Power of S1 Technology
    • Cyber Risk Partners
      Enlist Pro Response and Advisory Teams
    • Technology Alliances
      Integrated, Enterprise-Scale Solutions
    • SentinelOne for AWS
      Hosted in AWS Regions Around the World
    • Channel Partners
      Deliver the Right Solutions, Together
    • SentinelOne for Google Cloud
      Unified, Autonomous Security Giving Defenders the Advantage at Global Scale
    • Partner Locator
      Your Go-to Source for Our Top Partners in Your Region
    Partner Portal→
  • Resources
    Resource Center
    • Case Studies
    • Data Sheets
    • eBooks
    • Reports
    • Videos
    • Webinars
    • Whitepapers
    • Events
    View All Resources→
    Blog
    • Feature Spotlight
    • For CISO/CIO
    • From the Front Lines
    • Identity
    • Cloud
    • macOS
    • SentinelOne Blog
    Blog→
    Tech Resources
    • SentinelLABS
    • Ransomware Anthology
    • Cybersecurity 101
  • About
    About SentinelOne
    • About SentinelOne
      The Industry Leader in Cybersecurity
    • Investor Relations
      Financial Information & Events
    • SentinelLABS
      Threat Research for the Modern Threat Hunter
    • Careers
      The Latest Job Opportunities
    • Press & News
      Company Announcements
    • Cybersecurity Blog
      The Latest Cybersecurity Threats, News, & More
    • FAQ
      Get Answers to Our Most Frequently Asked Questions
    • DataSet
      The Live Data Platform
    • S Foundation
      Securing a Safer Future for All
    • S Ventures
      Investing in the Next Generation of Security, Data and AI
  • Pricing
Get StartedContact Us
CVE Vulnerability Database
Vulnerability Database/CVE-2025-30651

CVE-2025-30651: Juniper Junos DoS Vulnerability

CVE-2025-30651 is a denial of service vulnerability in Juniper Junos OS and Junos OS Evolved that allows attackers to crash the routing protocol daemon via malicious ICMPv6 packets. This article covers technical details, affected versions, impact, and mitigation strategies.

Updated: May 11, 2026

CVE-2025-30651 Overview

CVE-2025-30651 is a Buffer Access with Incorrect Length Value vulnerability [CWE-805] in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. An unauthenticated, network-based attacker can send a crafted ICMPv6 packet to an interface configured with protocols router-advertisement, causing rpd to crash and restart. Continued delivery of the malicious packet sustains a Denial of Service (DoS) condition on the affected device. The issue only affects systems configured with IPv6.

Critical Impact

Remote, unauthenticated attackers can sustain a routing daemon crash loop on Juniper routers running IPv6 router advertisements, disrupting routing operations across affected production networks.

Affected Products

  • Juniper Networks Junos OS (versions before 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S4, 23.2R2-S2, 23.4R2)
  • Juniper Networks Junos OS Evolved (versions before 21.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S4-EVO, 23.2R2-S2-EVO, 23.4R2-EVO)
  • Devices with IPv6 enabled and protocols router-advertisement configured on an interface

Discovery Timeline

  • 2025-04-09 - CVE-2025-30651 published to NVD
  • 2026-01-23 - Last updated in NVD database

Technical Details for CVE-2025-30651

Vulnerability Analysis

The flaw resides in the routing protocol daemon (rpd), the Junos process responsible for managing routing protocol state, including IPv6 Neighbor Discovery and Router Advertisement (RA) messaging. When rpd processes a specific ICMPv6 packet on an interface configured for router advertisement, it accesses a buffer using an incorrect length value. The mismatch between the assumed and actual buffer size triggers a crash of the daemon.

Because rpd is central to routing convergence, its repeated restart disrupts BGP, OSPF, IS-IS, and other adjacencies that depend on the daemon. Sustained delivery of the trigger packet prevents rpd from stabilizing, producing a continuous DoS condition on the targeted device.

Root Cause

The root cause is a Buffer Access with Incorrect Length Value defect [CWE-805] in the ICMPv6 packet handling path inside rpd. The parser uses a length field that does not match the actual size of the available buffer, leading to invalid memory access and a process abort. The fault is reachable only when the interface is configured with protocols router-advertisement.

Attack Vector

Exploitation is performed over the network with no authentication and no user interaction. An attacker on an adjacent IPv6 segment, or any path that can deliver ICMPv6 traffic to an RA-enabled interface, can transmit the crafted packet. The attack does not yield code execution or data disclosure; impact is confined to availability of the routing control plane. The EPSS score is 0.403% with a percentile of 60.93, reflecting moderate predicted exploitation likelihood for a network-reachable DoS issue.

No verified exploitation code or proof-of-concept has been published. See the Juniper Security Advisory JSA96461 for vendor technical details.

Detection Methods for CVE-2025-30651

Indicators of Compromise

  • Repeated rpd process crashes and restart events in Junos system logs, typically accompanied by core files generated under /var/crash/ or /var/tmp/.
  • Routing protocol adjacency flaps (BGP, OSPF, IS-IS) correlated in time with rpd restarts on IPv6-enabled devices.
  • Unexpected bursts of inbound ICMPv6 traffic to interfaces configured with protocols router-advertisement.

Detection Strategies

  • Monitor messages and chassisd logs for entries such as rpd[<pid>]: terminated or RPD_TASK_BEGIN cycles indicating repeated daemon restarts.
  • Alert on generation of rpd core files, which signal an abnormal termination consistent with the buffer access defect.
  • Inspect ICMPv6 telemetry on RA-enabled interfaces for malformed Router Advertisement, Router Solicitation, or Neighbor Discovery packets that deviate from RFC 4861 expectations.

Monitoring Recommendations

  • Forward Junos syslog and SNMP traps to a centralized logging or SIEM platform and create correlation rules for rpd termination events.
  • Baseline normal ICMPv6 volumes per interface and alert on sustained deviations toward RA-enabled segments.
  • Track routing adjacency state changes per device to identify control-plane instability that correlates with the daemon crash signature.

How to Mitigate CVE-2025-30651

Immediate Actions Required

  • Identify all Junos OS and Junos OS Evolved devices with IPv6 enabled and protocols router-advertisement configured on any interface.
  • Schedule upgrades to a fixed release: 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S4, 23.2R2-S2, 23.4R2, or later, including the corresponding -EVO builds for Junos OS Evolved.
  • Restrict ICMPv6 traffic on untrusted interfaces using firewall filters until patches are applied.

Patch Information

Juniper has released fixed software in the Juniper Security Advisory JSA96461. Upgrade to one of the following or later: Junos OS 21.2R3-S9, 21.4R3-S10, 22.2R3-S6, 22.4R3-S4, 23.2R2-S2, 23.4R2; Junos OS Evolved 21.2R3-S9-EVO, 21.4R3-S10-EVO, 22.2R3-S6-EVO, 22.4R3-S4-EVO, 23.2R2-S2-EVO, 23.4R2-EVO.

Workarounds

  • Apply a loopback or interface firewall filter to drop unexpected ICMPv6 traffic from untrusted sources while preserving legitimate Neighbor Discovery operation.
  • Where IPv6 router advertisement is not required, remove protocols router-advertisement from affected interfaces to eliminate the attack surface.
  • Limit IPv6 segment exposure by restricting which neighbors can reach RA-enabled interfaces through segmentation and access control.
bash
# Example Junos firewall filter to rate-limit ICMPv6 toward the RE
set firewall family inet6 filter PROTECT-RE term LIMIT-ICMP6 from next-header icmpv6
set firewall family inet6 filter PROTECT-RE term LIMIT-ICMP6 then policer ICMP6-POLICER
set firewall family inet6 filter PROTECT-RE term LIMIT-ICMP6 then accept
set firewall policer ICMP6-POLICER if-exceeding bandwidth-limit 1m burst-size-limit 15k
set firewall policer ICMP6-POLICER then discard
set interfaces lo0 unit 0 family inet6 filter input PROTECT-RE

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

  • Vulnerability Details
  • TypeDOS
  • Vendor/TechJunos
  • SeverityHIGH
  • CVSS Score8.7
  • EPSS Probability0.40%
  • Known ExploitedNo
  • CVSS Vector
  • CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Impact Assessment
  • ConfidentialityLow
  • IntegrityNone
  • AvailabilityHigh
  • CWE References
  • CWE-805
  • Vendor Resources
  • Juniper Security Advisory JSA96461
  • Related CVEs
  • CVE-2025-30645: Juniper Junos SRX Series DoS Vulnerability
  • CVE-2025-60004: Juniper Junos BGP EVPN DoS Vulnerability
  • CVE-2025-30659: Juniper Junos SRX Series DoS Vulnerability
  • CVE-2025-60003: Juniper Junos BGP DoS Vulnerability
Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the World’s Most Advanced Cybersecurity Platform

See how our intelligent, autonomous cybersecurity platform can protect your organization now and into the future.

Try SentinelOne
  • Get Started
  • Get a Demo
  • Product Tour
  • Why SentinelOne
  • Pricing & Packaging
  • FAQ
  • Contact
  • Contact Us
  • Customer Support
  • SentinelOne Status
  • Language
  • Platform
  • Singularity Platform
  • Singularity Endpoint
  • Singularity Cloud
  • Singularity AI-SIEM
  • Singularity Identity
  • Singularity Marketplace
  • Purple AI
  • Services
  • Wayfinder TDR
  • SentinelOne GO
  • Technical Account Management
  • Support Services
  • Verticals
  • Energy
  • Federal Government
  • Finance
  • Healthcare
  • Higher Education
  • K-12 Education
  • Manufacturing
  • Retail
  • State and Local Government
  • Cybersecurity for SMB
  • Resources
  • Blog
  • Labs
  • Case Studies
  • Videos
  • Product Tours
  • Events
  • Cybersecurity 101
  • eBooks
  • Webinars
  • Whitepapers
  • Press
  • News
  • Ransomware Anthology
  • Company
  • About Us
  • Our Customers
  • Careers
  • Partners
  • Legal & Compliance
  • Security & Compliance
  • Investor Relations
  • S Foundation
  • S Ventures

©2026 SentinelOne, All Rights Reserved.

Privacy Notice Terms of Use

English