{"uuid": "056d2004-7522-4e64-9f7a-84f6570360df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30649", "type": "seen", "source": "https://t.me/cvedetector/22595", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-30649 - \"Juniper Networks Junos OS syslog stream TCP transport Improper Input Validation allows CPU Denial of Service\"\", \n \"Content\": \"CVE ID : CVE-2025-30649 \nPublished : April 9, 2025, 8:15 p.m. | 24\u00a0minutes ago \nDescription : An Improper Input Validation vulnerability in the\u00a0syslog stream TCP transport\u00a0of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs. \n \nContinued receipt and processing of these specific packets will sustain the DoS condition. \n \nThis issue affects Junos OS: * All versions before 22.2R3-S6, \n * from 22.4 before 22.4R3-S4, \n * from 23.2 before 23.2R2-S3, \n * from 23.4 before 23.4R2-S4, \n * from 24.2 before 24.2R1-S2, 24.2R2 \n \n \nAn indicator of compromise will indicate the SPC3 SPUs utilization has spiked. \n \n \nFor example:\u00a0 \n\u00a0 \u00a0user@device> show services service-sets summary \n Service sets CPU \n Interface configured Bytes used Session bytes used Policy bytes used utilization \n \"interface\" 1 \"bytes\" (percent%) \"sessions\" (\"percent\"%) \"bytes\" (\"percent\"%) 99.97 % OVLD <<\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T23:28:09.000000Z"}