VDB

GCVE-110-NCSC-2025-305

GCVE-110-NCSC-2025-305
Advisory PublishedCVSS 7.4/10
Vulnetix · Advisory published October 13, 2025
A vulnerability in Juniper Networks' Junos OS allows unauthenticated attackers to trigger a Denial-Of-Service by sending specific BGP EVPN update messages, causing the routing protocol daemon to crash and restart.

Weaknesses (CWE)

CWE-306Missing Authentication for Critical FunctionCWE-400Uncontrolled Resource ConsumptionCWE-552Files or Directories Accessible to External PartiesCWE-120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')CWE-346Origin Validation ErrorCWE-908Use of Uninitialized ResourceCWE-305Authentication Bypass by Primary WeaknessCWE-754Improper Check for Unusual or Exceptional ConditionsCWE-476NULL Pointer DereferenceCWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')CWE-824Access of Uninitialized PointerCWE-262Not Using Password Aging

Risk Scores

CVSS 3.1
7.4/10
High · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Affected Products

VendorProductVersionsPlatforms
Juniper Networksvers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Browse GCVE Records

73,866 records in the GCVE database · Updated July 19, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›