{"vulnerability": "CVE-2025-3064", "sightings": [{"uuid": "e4b7353e-d95c-4f63-8473-fa76aeecfea4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3064", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/10881", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-3064\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() function. This makes it possible for unauthenticated attackers to update the default role option that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances.\n\ud83d\udccf Published: 2025-04-08T08:22:09.698Z\n\ud83d\udccf Modified: 2025-04-08T08:22:09.698Z\n\ud83d\udd17 References:\n1. https://www.wordfence.com/threat-intel/vulnerabilities/id/efc7ad9f-714e-474c-87e8-ecbbdfabd550?source=cve\n2. https://plugins.trac.wordpress.org/browser/wpfront-user-role-editor/trunk/includes/users/class-user-profile.php#L104\n3. https://plugins.trac.wordpress.org/browser/wpfront-user-role-editor/trunk/includes/users/class-user-profile.php#L399\n4. https://wordpress.org/plugins/wpfront-user-role-editor/#developers\n5. https://plugins.trac.wordpress.org/changeset/3266542/#file142", "creation_timestamp": "2025-04-08T08:46:43.000000Z"}, {"uuid": "14f686c9-7804-4ac8-851a-01c3af63406d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30646", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/11160", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30646\n\ud83d\udd25 CVSS Score: 6.5 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).\u00a0 Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nWhen an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart.\n\n\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S6,\u00a0\n * from 22.4 before 22.4R3-S6,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S4,\u00a0\n * from 24.2 before 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S10-EVO,\n * from 22.2-EVO before 22.2R3-S6-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S6-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-S4-EVO,\u00a0\n * from 24.2-EVO before 24.2R2-EVO.\n\ud83d\udccf Published: 2025-04-09T19:53:27.087Z\n\ud83d\udccf Modified: 2025-04-09T20:39:47.342Z\n\ud83d\udd17 References:\n1. https://supportportal.juniper.net/JSA96456", "creation_timestamp": "2025-04-09T20:48:24.000000Z"}, {"uuid": "8e0b0adc-3ae9-4ab7-ab9a-5ad4ff9c21ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30644", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15385", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30644\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nUnder a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.\nThis issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: \n\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R2.\n\ud83d\udccf Published: 2025-04-09T19:52:16.737Z\n\ud83d\udccf Modified: 2025-05-07T18:55:01.374Z\n\ud83d\udd17 References:\n1. https://supportportal.juniper.net/JSA96453", "creation_timestamp": "2025-05-07T19:22:20.000000Z"}, {"uuid": "129e732b-f69c-42a9-9ec6-40cf5bffe643", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3064", "type": "seen", "source": "https://t.me/cvedetector/22439", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-3064 - WPFront User Role Editor CSRF Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-3064 \nPublished : April 8, 2025, 9:15 a.m. | 2\u00a0hours, 10\u00a0minutes ago \nDescription : The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. This is due to missing or incorrect nonce validation on the whitelist_options() function. This makes it possible for unauthenticated attackers to update the default role option that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This is only exploitable on multisite instances. \nSeverity: 8.8 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"08 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-08T13:59:48.000000Z"}, {"uuid": "5252e1d5-a4d1-4153-a328-30565f3ffcbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3064", "type": "seen", "source": "https://mastodon.social/users/CyberSignaler/statuses/114302183167585816", "content": "", "creation_timestamp": "2025-04-08T11:48:23.044516Z"}, {"uuid": "ec952ab0-4b2d-4860-b850-e55dffaef455", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-3064", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmcgso6eil2z", "content": "", "creation_timestamp": "2025-04-08T12:07:13.089975Z"}, {"uuid": "d52ad7bd-8340-4609-9f90-5f4eaaca5035", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30640", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lnlkookgds2g", "content": "", "creation_timestamp": "2025-04-24T20:35:42.675207Z"}, {"uuid": "4d74a2ee-cfa2-4578-9cae-5880c4d881e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30641", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lnlkookgds2g", "content": "", "creation_timestamp": "2025-04-24T20:35:42.768696Z"}, {"uuid": "8060c3bb-54ca-4f04-8e9f-1bc96053c4a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30642", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lnlkookgds2g", "content": "", "creation_timestamp": "2025-04-24T20:35:42.857102Z"}, {"uuid": "fb06adcc-a9da-4088-997c-aa58806cd1cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30645", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/13327", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-30645\n\ud83d\udd25 CVSS Score: 7.5 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\ud83d\udd39 Description: A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS).\u00a0 Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition.\n\nOn all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts.\n\nThis issue affects Junos OS on SRX Series: \n * All versions before 21.2R3-S9, \n * from 21.4 before 21.4R3-S9, \n * from 22.2 before 22.2R3-S5, \n * from 22.4 before 22.4R3-S6, \n * from 23.2 before 23.2R2-S3, \n * from 23.4 before 23.4R2.\n\ud83d\udccf Published: 2025-04-09T19:52:51.730Z\n\ud83d\udccf Modified: 2025-04-24T20:04:34.131Z\n\ud83d\udd17 References:\n1. https://supportportal.juniper.net/JSA96455", "creation_timestamp": "2025-04-24T20:06:36.000000Z"}, {"uuid": "37c6f4e7-f807-44a6-ae39-27845da2e8ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30644", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/114309969513039344", "content": "", "creation_timestamp": "2025-04-09T20:48:32.933902Z"}, {"uuid": "3ef2abc5-43f4-41db-bd8a-6f086a30daf8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30644", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmg5utqamg25", "content": "", "creation_timestamp": "2025-04-09T23:38:00.401693Z"}, {"uuid": "d17ffc06-8d92-496e-826a-3778d3c1a8c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30647", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmg5utye5k2c", "content": "", "creation_timestamp": "2025-04-09T23:38:01.178582Z"}, {"uuid": "beef858b-9260-451e-8dbf-344e705520c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30646", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmg5v3e4tp2i", "content": "", "creation_timestamp": "2025-04-09T23:38:10.274654Z"}, {"uuid": "e2b54424-49d3-4c19-99fb-6d19f8ac5a17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30645", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmg5v3xe372i", "content": "", "creation_timestamp": "2025-04-09T23:38:11.362383Z"}, {"uuid": "2bb0b177-39c1-4a4f-aafa-686a7c2d4fd5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30648", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmg5v6x2n42h", "content": "", "creation_timestamp": "2025-04-09T23:38:15.425771Z"}, {"uuid": "8e9243ea-ef7f-4439-a646-e210b1f4bf94", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30649", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lmg5v7e2772f", "content": "", "creation_timestamp": "2025-04-09T23:38:16.680048Z"}, {"uuid": "c2016c79-a1f1-4d21-b3d7-779896464aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30642", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-241/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "45ab0ead-6275-4232-bef2-773d78e1cb0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30641", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-240/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "15fac047-754f-47cf-b27b-7e665fb235e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30640", "type": "seen", "source": "http://www.zerodayinitiative.com/advisories/ZDI-25-239/", "content": "", "creation_timestamp": "2025-04-09T03:00:00.000000Z"}, {"uuid": "59228fa9-0a67-403e-af14-43b87b572ed4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30640", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lnp4ic4wbs2g", "content": "", "creation_timestamp": "2025-04-26T06:32:16.065832Z"}, {"uuid": "674ed58a-79ba-4484-8026-55089897dbac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30641", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lnp4ic4wbs2g", "content": "", "creation_timestamp": "2025-04-26T06:32:16.148225Z"}, {"uuid": "dd7225a7-8729-4365-ad50-2f875d1203fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30642", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3lnp4ic4wbs2g", "content": "", "creation_timestamp": "2025-04-26T06:32:16.225335Z"}, {"uuid": "1f436728-1dd2-45b8-8a86-30dcce8cd861", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30646", "type": "seen", "source": "https://t.me/cvedetector/22603", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-30646 - Juniper Networks Junos OS and Junos OS Evolved LLDP Signed to Unsigned Conversion Error Denial of Service\", \n \"Content\": \"CVE ID : CVE-2025-30646 \nPublished : April 9, 2025, 8:15 p.m. | 24\u00a0minutes ago \nDescription : A Signed to Unsigned Conversion Error vulnerability in the Layer 2 Control Protocol daemon (l2cpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated adjacent attacker sending a specifically malformed LLDP TLV to cause the l2cpd process to crash and restart, causing a Denial of Service (DoS).\u00a0 Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. \n \nWhen an LLDP telemetry subscription is active, receipt of a specifically malformed LLDP TLV causes the l2cpd process to crash and restart. \n \n \n \nThis issue affects: \n \nJunos OS: \n \n \n * All versions before 21.2R3-S9,\u00a0 \n * from 21.4 before 21.4R3-S10,\u00a0 \n * from 22.2 before 22.2R3-S6,\u00a0 \n * from 22.4 before 22.4R3-S6,\u00a0 \n * from 23.2 before 23.2R2-S3,\u00a0 \n * from 23.4 before 23.4R2-S4,\u00a0 \n * from 24.2 before 24.2R2;\u00a0 \n \n \n \n \nJunos OS Evolved:\u00a0 \n \n \n \n * All versions before 21.4R3-S10-EVO, \n * from 22.2-EVO before 22.2R3-S6-EVO,\u00a0 \n * from 22.4-EVO before 22.4R3-S6-EVO,\u00a0 \n * from 23.2-EVO before 23.2R2-S3-EVO,\u00a0 \n * from 23.4-EVO before 23.4R2-S4-EVO,\u00a0 \n * from 24.2-EVO before 24.2R2-EVO. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T23:28:21.000000Z"}, {"uuid": "12a34936-c3b7-4eb7-9735-e238d5e0a0c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30647", "type": "seen", "source": "https://t.me/cvedetector/22598", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-30647 - Juniper Networks Junos OS MX Series Memory Leak DoS Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-30647 \nPublished : April 9, 2025, 8:15 p.m. | 24\u00a0minutes ago \nDescription : A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). \n \nIn a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a\u00a0crash.\u00a0 \n\u00a0 \u00a0 \n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003user@host> show chassis fpc \n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Temp \u2003\u2003 CPU Utilization (%) \u2003\u2003CPU Utilization (%) \u2003 Memory \u00a0 \u2003\u2003Utilization (%) \n\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003Slot State\u00a0 \u00a0 \u00a0 \u00a0(C) \u2003\u2003\u00a0 Total\u00a0 \u00a0Interrupt \u00a0 \u00a0 1min\u00a0 \u00a05min\u00a0 15min \u2003 \u2003DRAM (MB) \u2003Heap \u00a0 Buffer \n \n\u00a0 \u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u2003\u20032 Online\u00a0 \u00a0 \u00a0 \u00a0 \u00a036 \u00a0 \u2003\u2003\u2003 10 \u00a0 \u00a0 \u00a0 \u00a0 0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 9 \u00a0 \u00a0 8 \u00a0 \u00a0 9 \u00a0 \u2003\u2003\u2003\u2003\u200332768 \u00a0 \u00a0 \u200326 \u00a0 \u00a0 \u00a0 \u00a0 0 \n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \n \nThis issue affects Junos OS on MX Series: \n * All versions before 21.2R3-S9 \n * from 21.4 before 21.4R3-S10 \n * from 22.2 before 22.2R3-S6 \n * from 22.4 before 22.4R3-S5 \n * from 23.2 before 23.2R2-S3 \n * from 23.4 before 23.4R2-S3 \n * from 24.2 before 24.2R2. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T23:28:14.000000Z"}, {"uuid": "6e9e39e2-f5e5-4228-bfa5-c66aa7161fbe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30645", "type": "seen", "source": "https://t.me/cvedetector/22602", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-30645 - Juniper Networks Junos OS SRX Series NULL Pointer Dereference Denial of Service Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-30645 \nPublished : April 9, 2025, 8:15 p.m. | 24\u00a0minutes ago \nDescription : A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS).\u00a0 Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition. \n \nOn all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts. \n \nThis issue affects Junos OS on SRX Series: \n * All versions before 21.2R3-S9, \n * from 21.4 before 21.4R3-S9, \n * from 22.2 before 22.2R3-S5, \n * from 22.4 before 22.4R3-S6, \n * from 23.2 before 23.2R2-S3, \n * from 23.4 before 23.4R2. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T23:28:20.000000Z"}, {"uuid": "df4090fd-1eac-434b-a5c0-d251d1f7eab4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30644", "type": "seen", "source": "https://t.me/cvedetector/22601", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-30644 - Juniper Networks Junos OS Flexible PIC Concentrator Remote Code Execution and Denial of Service Vulnerability\", \n \"Content\": \"CVE ID : CVE-2025-30644 \nPublished : April 9, 2025, 8:15 p.m. | 24\u00a0minutes ago \nDescription : A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. \n \nUnder a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component. \nThis issue affects Junos OS on EX2300, EX3400, EX4100, EX4300, EX4300MP, EX4400, EX4600, EX4650-48Y, and QFX5k Series: \n \n \n \n \n * All versions before 21.4R3-S9,\u00a0 \n * from 22.2 before 22.2R3-S5,\u00a0 \n * from 22.4 before 22.4R3-S5,\u00a0 \n * from 23.2 before 23.2R2-S3,\u00a0 \n * from 23.4 before 23.4R2-S3,\u00a0 \n * from 24.2 before 24.2R2. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T23:28:19.000000Z"}, {"uuid": "056d2004-7522-4e64-9f7a-84f6570360df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30649", "type": "seen", "source": "https://t.me/cvedetector/22595", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-30649 - \"Juniper Networks Junos OS syslog stream TCP transport Improper Input Validation allows CPU Denial of Service\"\", \n \"Content\": \"CVE ID : CVE-2025-30649 \nPublished : April 9, 2025, 8:15 p.m. | 24\u00a0minutes ago \nDescription : An Improper Input Validation vulnerability in the\u00a0syslog stream TCP transport\u00a0of Juniper Networks Junos OS on MX240, MX480 and MX960 devices with MX-SPC3 Security Services Card allows an unauthenticated, network-based attacker, to send specific spoofed packets to cause a CPU Denial of Service (DoS) to the MX-SPC3 SPUs. \n \nContinued receipt and processing of these specific packets will sustain the DoS condition. \n \nThis issue affects Junos OS: * All versions before 22.2R3-S6, \n * from 22.4 before 22.4R3-S4, \n * from 23.2 before 23.2R2-S3, \n * from 23.4 before 23.4R2-S4, \n * from 24.2 before 24.2R1-S2, 24.2R2 \n \n \nAn indicator of compromise will indicate the SPC3 SPUs utilization has spiked. \n \n \nFor example:\u00a0 \n\u00a0 \u00a0user@device> show services service-sets summary \n Service sets CPU \n Interface configured Bytes used Session bytes used Policy bytes used utilization \n \"interface\" 1 \"bytes\" (percent%) \"sessions\" (\"percent\"%) \"bytes\" (\"percent\"%) 99.97 % OVLD <<\nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T23:28:09.000000Z"}, {"uuid": "e5161627-2010-40cc-b62d-bcbbb626b211", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2025-30648", "type": "seen", "source": "https://t.me/cvedetector/22594", "content": "{\n \"Source\": \"CVE FEED\",\n \"Title\": \"CVE-2025-30648 - Juniper Junos OS Juniper DHCP Daemon Denial of Service\", \n \"Content\": \"CVE ID : CVE-2025-30648 \nPublished : April 9, 2025, 8:15 p.m. | 24\u00a0minutes ago \nDescription : An Improper Input Validation vulnerability in the\u00a0Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause the jdhcpd process to crash resulting in a Denial of Service (DoS). \n \nWhen a specifically malformed DHCP packet is received from a DHCP client, the jdhcpd process crashes, which\u00a0will lead to the unavailability of the DHCP service and thereby resulting in a sustained DoS.\u00a0The DHCP process will restart automatically to recover the service. \n \nThis issue will occur when\u00a0dhcp-security is enabled.\u00a0 \nThis issue affects Junos OS:\u00a0 \n \n \n \n * All versions before 21.2R3-S9,\u00a0 \n * from 21.4 before 21.4R3-S10,\u00a0 \n * from 22.2 before 22.2R3-S6,\u00a0 \n * from 22.4 before 22.4R3-S6,\u00a0 \n * from 23.2 before 23.2R2-S3,\u00a0 \n * from 23.4 before 23.4R2-S4,\u00a0 \n * from 24.2 before 24.2R2;\u00a0 \n \n \n \n \nJunos OS Evolved:\u00a0 * from 22.4 before 22.4R3-S6-EVO,\u00a0 \n * from 23.2 before 23.2R2-S3-EVO,\u00a0 \n * from 23.4 before 23.4R2-S4-EVO,\u00a0 \n * from 24.2 before 24.2R2-EVO. \n \n \n \n \n. \nSeverity: 7.4 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n \"Detection Date\": \"09 Apr 2025\",\n \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-04-09T23:28:08.000000Z"}]}