CVE-2025-59958

Name: CVE-2025-59958
Creator: NVD / NIST
Published: 2025-10-09T16:15:45.95+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.9/10EPSS 0.26%

Last modified Jun 17, 2026

CVE-2025-59958 is a medium-severity vulnerability rated 6.9/10 on the CVSS scale. An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability. When an output firewall filter is configured with one or more terms where the action is 'reject', packets matching these terms are erroneously sent to the Routing Engine (RE) and further processed there. Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device. This issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters. This issue affects Junos OS Evolved on PTX Series: * all versions before 22.4R3-EVO, * 23.2 versions before 23.2R2-EVO.. EPSS estimates a 0.26% chance of exploitation in the next 30 days.

Description

An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to cause impact to confidentiality and availability. When an output firewall filter is configured with one or more terms where the action is 'reject', packets matching these terms are erroneously sent to the Routing Engine (RE) and further processed there. Processing of these packets will consume limited RE resources. Also responses from the RE back to the source of this traffic could reveal confidential information about the affected device. This issue only applies to firewall filters applied to WAN or revenue interfaces, so not the mgmt or lo0 interface of the routing-engine, nor any input filters. This issue affects Junos OS Evolved on PTX Series: * all versions before 22.4R3-EVO, * 23.2 versions before 23.2R2-EVO.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVSS 4.0

6.9/10

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:M/U:X

EPSS Probability

0.26%

16.8th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-754

Affected Software

Vendor	Product	Versions
Juniper	Junos Os Evolved	< 22.4
Juniper	Junos Os Evolved	22.4
Juniper	Junos Os Evolved	23.2

References

https://supportportal.juniper.net/JSA103147Vendor Advisory

Timeline

Published: Oct 9, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-59958?

How severe is CVE-2025-59958?

CVE-2025-59958 has a CVSS score of 6.9/10 (MEDIUM severity). The EPSS model estimates a 0.26% probability of exploitation in the next 30 days.

How do I fix CVE-2025-59958?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-59958?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST