cvelistv5 - cve-2025-26466

CVE-2025-26466 (GCVE-0-2025-26466)

Vulnerability from cvelistv5

Published

2025-02-28 21:25

Modified

2026-02-10 17:13

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Summary

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

References

URL

Tags

	https://access.redhat.com/security/cve/CVE-2025-26466	vdb-entry, x_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2345043	issue-tracking, x_refsource_REDHAT
	https://seclists.org/oss-sec/2025/q1/144
	https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt

Impacted products

Vendor

Product

Version

Version: 9.5p1 <

Red Hat	Red Hat Enterprise Linux 10	cpe:/o:redhat:enterprise_linux:10
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6
Red Hat	Red Hat Enterprise Linux 7	cpe:/o:redhat:enterprise_linux:7
Red Hat	Red Hat Enterprise Linux 8	cpe:/o:redhat:enterprise_linux:8
Red Hat	Red Hat Enterprise Linux 9	cpe:/o:redhat:enterprise_linux:9
Red Hat	Red Hat OpenShift Container Platform 4	cpe:/a:redhat:openshift:4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-02-10T17:13:57.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20250228-0002/"
          },
          {
            "url": "https://www.openwall.com/lists/oss-security/2025/02/18/1"
          },
          {
            "url": "https://www.openwall.com/lists/oss-security/2025/02/18/4"
          },
          {
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1237041"
          },
          {
            "url": "https://security-tracker.debian.org/tracker/CVE-2025-26466"
          },
          {
            "url": "https://ubuntu.com/security/CVE-2025-26466"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/May/8"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/May/7"
          },
          {
            "url": "http://seclists.org/fulldisclosure/2025/Feb/18"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-26466-detection-script-memory-consumption-vulnerability-in-openssh"
          },
          {
            "url": "https://www.vicarius.io/vsociety/posts/cve-2025-26466-mitigation-script-memory-consumption-vulnerability-in-openssh"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-26466",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-04T19:51:35.555196Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-04T19:51:39.308Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.openssh.com/",
          "defaultStatus": "unaffected",
          "packageName": "OpenSSH",
          "repo": "https://anongit.mindrot.org/openssh.git",
          "versions": [
            {
              "lessThanOrEqual": "9.9p1",
              "status": "affected",
              "version": "9.5p1",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "openssh",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:openshift:4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rhcos",
          "product": "Red Hat OpenShift Container Platform 4",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2025-02-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-06T23:33:10.047Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-26466"
        },
        {
          "name": "RHBZ#2345043",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2345043"
        },
        {
          "url": "https://seclists.org/oss-sec/2025/q1/144"
        },
        {
          "url": "https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-02-11T19:51:30.375Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-02-18T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Openssh: denial-of-service in openssh",
      "workarounds": [
        {
          "lang": "en",
          "value": "This issue can be mitigated by setting the following three different options in the sshd configuration file located at: /etc/ssh/sshd_config\n\nMaxStartups: Set to a reasonable value, this option controls the maximum number of concurrent unauthenticated connections the SSH server accepts;\n\nPerSourcePenalties: Set its suboptions to a reasonable value, this option is used to help sshd to detect and drop connections that are potentially malicious for the SSH server;\n\nLoginGraceTime: Set to a resonable value, this option controls how much time the SSH server will wait the client to authenticate before dropping its connection;\n\nAll the three option above needs to be set to implement a full mitigation for this vulnerability."
        }
      ],
      "x_redhatCweChain": "CWE-770: Allocation of Resources Without Limits or Throttling"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-26466",
    "datePublished": "2025-02-28T21:25:28.861Z",
    "dateReserved": "2025-02-10T18:31:47.979Z",
    "dateUpdated": "2026-02-10T17:13:57.386Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CERTFR-2025-AVI-1021

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits HPE Aruba Networking. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
HPE Aruba Networking	AOS	AOS-CX versions antérieures à 10.14.1060
HPE Aruba Networking	AOS	AOS-CX versions antérieures à 10.16.1006
HPE Aruba Networking	AirWave Management Platform	Airwave Management Platform versions antérieures à 8.3.0.5
HPE Aruba Networking	AOS	AOS-CX versions antérieures à 10.10.1170
HPE Aruba Networking	N/A	100 Series Cellular Bridge versions antérieures à AOS 10.7.2.0
HPE Aruba Networking	AOS	AOS-CX versions antérieures à 10.15.1030
HPE Aruba Networking	AOS	AOS-CX versions antérieures à 10.13.1101

References

Title

Publication Time

Tags

Bulletin de sécurité HPE Aruba Networking HPESBNW04888	2025-11-18	vendor-advisory
Bulletin de sécurité HPE Aruba Networking HPESBNW04971	2025-11-18	vendor-advisory
Bulletin de sécurité HPE Aruba Networking HPESBNW04970	2025-11-18	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "AOS-CX versions ant\u00e9rieures \u00e0 10.14.1060",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions ant\u00e9rieures \u00e0 10.16.1006",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "Airwave Management Platform versions ant\u00e9rieures \u00e0 8.3.0.5",
      "product": {
        "name": "AirWave Management Platform",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions ant\u00e9rieures \u00e0 10.10.1170",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "100 Series Cellular Bridge versions ant\u00e9rieures \u00e0 AOS 10.7.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions ant\u00e9rieures \u00e0 10.15.1030",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    },
    {
      "description": "AOS-CX versions ant\u00e9rieures \u00e0 10.13.1101",
      "product": {
        "name": "AOS",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-12086",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12086"
    },
    {
      "name": "CVE-2025-37162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37162"
    },
    {
      "name": "CVE-2025-26466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26466"
    },
    {
      "name": "CVE-2024-12084",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12084"
    },
    {
      "name": "CVE-2025-37159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37159"
    },
    {
      "name": "CVE-2025-37158",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37158"
    },
    {
      "name": "CVE-2024-12085",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12085"
    },
    {
      "name": "CVE-2024-12087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12087"
    },
    {
      "name": "CVE-2024-12747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12747"
    },
    {
      "name": "CVE-2025-37160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37160"
    },
    {
      "name": "CVE-2025-37163",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37163"
    },
    {
      "name": "CVE-2025-37161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37161"
    },
    {
      "name": "CVE-2024-12088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-12088"
    },
    {
      "name": "CVE-2025-37156",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37156"
    },
    {
      "name": "CVE-2025-37155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37155"
    },
    {
      "name": "CVE-2025-37157",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-37157"
    }
  ],
  "initial_release_date": "2025-11-19T00:00:00",
  "last_revision_date": "2025-11-19T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-1021",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-11-19T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits HPE Aruba Networking. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits HPE Aruba Networking",
  "vendor_advisories": [
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking HPESBNW04888",
      "url": "https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04888.txt"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking HPESBNW04971",
      "url": "https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04971.txt"
    },
    {
      "published_at": "2025-11-18",
      "title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking HPESBNW04970",
      "url": "https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04970.txt"
    }
  ]
}

CERTFR-2025-AVI-0139

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans OpenSSH. Elles permettent à un attaquant de provoquer un déni de service à distance et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	OpenSSH	OpenSSH	OpenSSH versions antérieures à 9.9p2

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSH 9.9p2

2025-02-18

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSH versions ant\u00e9rieures  \u00e0 9.9p2",
      "product": {
        "name": "OpenSSH",
        "vendor": {
          "name": "OpenSSH",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-26465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
    },
    {
      "name": "CVE-2025-26466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26466"
    }
  ],
  "initial_release_date": "2025-02-18T00:00:00",
  "last_revision_date": "2025-02-18T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0139",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-02-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans OpenSSH. Elles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSH",
  "vendor_advisories": [
    {
      "published_at": "2025-02-18",
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSH 9.9p2",
      "url": "https://www.openssh.com/txt/release-9.9p2"
    }
  ]
}

CERTFR-2025-AVI-0393

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Apple indique que la vulnérabilité CVE-2025-31200 est activement exploitée.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Sonoma versions antérieures à 14.7.6
Apple	macOS	macOS Sequoia versions antérieures à 15.5
Apple	iPadOS	iPadOS versions 18.x antérieures à 18.5
Apple	N/A	watchOS versions antérieures à 11.5
Apple	Safari	Safari versions antérieures à 18.5
Apple	N/A	visionOS versions antérieures à 2.5
Apple	macOS	macOS Ventura versions antérieures à 13.7.6
Apple	iPadOS	iPadOS versions antérieures à 17.7.7
Apple	iOS	iOS versions antérieures à 18.5
Apple	N/A	tvOS versions antérieures à 18.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple 122404	2025-05-12	vendor-advisory
Bulletin de sécurité Apple 122717	2025-05-12	vendor-advisory
Bulletin de sécurité Apple 122405	2025-05-12	vendor-advisory
Bulletin de sécurité Apple 122716	2025-05-12	vendor-advisory
Bulletin de sécurité Apple 122718	2025-05-12	vendor-advisory
Bulletin de sécurité Apple 122721	2025-05-12	vendor-advisory
Bulletin de sécurité Apple 122720	2025-05-12	vendor-advisory
Bulletin de sécurité Apple 122719	2025-05-12	vendor-advisory
Bulletin de sécurité Apple 122722	2025-05-12	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Sonoma versions ant\u00e9rieures \u00e0 14.7.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Sequoia versions ant\u00e9rieures \u00e0 15.5",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions 18.x ant\u00e9rieures \u00e0 18.5",
      "product": {
        "name": "iPadOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 11.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 18.5",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "visionOS versions ant\u00e9rieures \u00e0 2.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Ventura versions ant\u00e9rieures \u00e0 13.7.6",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 17.7.7",
      "product": {
        "name": "iPadOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 18.5",
      "product": {
        "name": "iOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 18.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-31240",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31240"
    },
    {
      "name": "CVE-2025-31247",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31247"
    },
    {
      "name": "CVE-2025-26465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
    },
    {
      "name": "CVE-2025-31221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31221"
    },
    {
      "name": "CVE-2025-31209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31209"
    },
    {
      "name": "CVE-2025-24155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24155"
    },
    {
      "name": "CVE-2025-31204",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31204"
    },
    {
      "name": "CVE-2025-31227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31227"
    },
    {
      "name": "CVE-2025-31218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31218"
    },
    {
      "name": "CVE-2025-31228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31228"
    },
    {
      "name": "CVE-2025-31226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31226"
    },
    {
      "name": "CVE-2025-31212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31212"
    },
    {
      "name": "CVE-2025-26466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26466"
    },
    {
      "name": "CVE-2025-31208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31208"
    },
    {
      "name": "CVE-2024-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
    },
    {
      "name": "CVE-2025-24144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24144"
    },
    {
      "name": "CVE-2025-30440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30440"
    },
    {
      "name": "CVE-2025-24142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24142"
    },
    {
      "name": "CVE-2025-24225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24225"
    },
    {
      "name": "CVE-2025-31219",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31219"
    },
    {
      "name": "CVE-2025-31251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31251"
    },
    {
      "name": "CVE-2025-31217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31217"
    },
    {
      "name": "CVE-2025-31241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31241"
    },
    {
      "name": "CVE-2025-31196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31196"
    },
    {
      "name": "CVE-2025-31234",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31234"
    },
    {
      "name": "CVE-2025-31245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31245"
    },
    {
      "name": "CVE-2025-31220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31220"
    },
    {
      "name": "CVE-2025-30442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30442"
    },
    {
      "name": "CVE-2025-31235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31235"
    },
    {
      "name": "CVE-2025-31200",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31200"
    },
    {
      "name": "CVE-2025-24097",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24097"
    },
    {
      "name": "CVE-2025-30448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30448"
    },
    {
      "name": "CVE-2025-31249",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31249"
    },
    {
      "name": "CVE-2025-24274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24274"
    },
    {
      "name": "CVE-2025-31238",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31238"
    },
    {
      "name": "CVE-2025-24220",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24220"
    },
    {
      "name": "CVE-2025-31210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31210"
    },
    {
      "name": "CVE-2025-31207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31207"
    },
    {
      "name": "CVE-2025-31242",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31242"
    },
    {
      "name": "CVE-2025-31206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31206"
    },
    {
      "name": "CVE-2025-31244",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31244"
    },
    {
      "name": "CVE-2025-24259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24259"
    },
    {
      "name": "CVE-2025-31259",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31259"
    },
    {
      "name": "CVE-2025-31232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31232"
    },
    {
      "name": "CVE-2025-31250",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31250"
    },
    {
      "name": "CVE-2025-31223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31223"
    },
    {
      "name": "CVE-2025-31224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31224"
    },
    {
      "name": "CVE-2025-31214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31214"
    },
    {
      "name": "CVE-2025-31246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31246"
    },
    {
      "name": "CVE-2025-31213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31213"
    },
    {
      "name": "CVE-2025-31256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31256"
    },
    {
      "name": "CVE-2025-24258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24258"
    },
    {
      "name": "CVE-2025-24111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24111"
    },
    {
      "name": "CVE-2025-24222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24222"
    },
    {
      "name": "CVE-2025-31225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31225"
    },
    {
      "name": "CVE-2025-31205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31205"
    },
    {
      "name": "CVE-2025-24223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24223"
    },
    {
      "name": "CVE-2025-24213",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-24213"
    },
    {
      "name": "CVE-2025-31260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31260"
    },
    {
      "name": "CVE-2025-31236",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31236"
    },
    {
      "name": "CVE-2025-31222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31222"
    },
    {
      "name": "CVE-2025-31237",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31237"
    },
    {
      "name": "CVE-2025-31257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31257"
    },
    {
      "name": "CVE-2025-31239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31239"
    },
    {
      "name": "CVE-2025-31233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31233"
    },
    {
      "name": "CVE-2025-30453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30453"
    },
    {
      "name": "CVE-2025-31258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31258"
    },
    {
      "name": "CVE-2025-31253",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31253"
    },
    {
      "name": "CVE-2025-31215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-31215"
    },
    {
      "name": "CVE-2025-30443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30443"
    }
  ],
  "initial_release_date": "2025-05-13T00:00:00",
  "last_revision_date": "2025-05-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0393",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.\n\nApple indique que la vuln\u00e9rabilit\u00e9 CVE-2025-31200 est activement exploit\u00e9e.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": "2025-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 122404",
      "url": "https://support.apple.com/en-us/122404"
    },
    {
      "published_at": "2025-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 122717",
      "url": "https://support.apple.com/en-us/122717"
    },
    {
      "published_at": "2025-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 122405",
      "url": "https://support.apple.com/en-us/122405"
    },
    {
      "published_at": "2025-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 122716",
      "url": "https://support.apple.com/en-us/122716"
    },
    {
      "published_at": "2025-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 122718",
      "url": "https://support.apple.com/en-us/122718"
    },
    {
      "published_at": "2025-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 122721",
      "url": "https://support.apple.com/en-us/122721"
    },
    {
      "published_at": "2025-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 122720",
      "url": "https://support.apple.com/en-us/122720"
    },
    {
      "published_at": "2025-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 122719",
      "url": "https://support.apple.com/en-us/122719"
    },
    {
      "published_at": "2025-05-12",
      "title": "Bulletin de s\u00e9curit\u00e9 Apple 122722",
      "url": "https://support.apple.com/en-us/122722"
    }
  ]
}

CERTFR-2025-AVI-0486

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Qnap. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Qnap	QTS	QTS versions 5.2.x antérieures à 5.2.4.3079 build 20250321
Qnap	QuRouter	QuRouter versions 2.4.x et 2.5.x antérieures à 2.5.0.140
Qnap	QuTS hero	QuTS hero versions h5.2.x antérieures à h5.2.4.3079 build 20250321
Qnap	License Center	License Center versions 1.9.x antérieures à 1.9.49
Qnap	File Station	File Station 5 versions 5.5.x antérieures à 5.5.6.4847
Qnap	Qsync	Qsync Central versions 4.5.x antérieures à 4.5.0.6
Qnap	QES	QES versions 2.2.x antérieures à 2.2.1 build 20250304

References

Title

Publication Time

Tags

Bulletin de sécurité Qnap QSA-25-17	2025-06-07	vendor-advisory
Bulletin de sécurité Qnap QSA-25-11	2025-06-07	vendor-advisory
Bulletin de sécurité Qnap QSA-25-14	2025-06-07	vendor-advisory
Bulletin de sécurité Qnap QSA-25-10	2025-06-07	vendor-advisory
Bulletin de sécurité Qnap QSA-25-09	2025-06-07	vendor-advisory
Bulletin de sécurité Qnap QSA-25-15	2025-06-07	vendor-advisory
Bulletin de sécurité Qnap QSA-25-13	2025-06-07	vendor-advisory
Bulletin de sécurité Qnap QSA-25-16	2025-06-07	vendor-advisory
Bulletin de sécurité Qnap QSA-25-12	2025-06-07	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QTS versions 5.2.x ant\u00e9rieures \u00e0 5.2.4.3079 build 20250321",
      "product": {
        "name": "QTS",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuRouter versions 2.4.x et 2.5.x ant\u00e9rieures \u00e0 2.5.0.140",
      "product": {
        "name": "QuRouter",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QuTS hero versions h5.2.x ant\u00e9rieures \u00e0 h5.2.4.3079 build 20250321",
      "product": {
        "name": "QuTS hero",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "License Center versions 1.9.x ant\u00e9rieures \u00e0 1.9.49",
      "product": {
        "name": "License Center",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "File Station 5 versions 5.5.x ant\u00e9rieures \u00e0 5.5.6.4847",
      "product": {
        "name": "File Station",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "Qsync Central versions 4.5.x ant\u00e9rieures \u00e0 4.5.0.6",
      "product": {
        "name": "Qsync",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    },
    {
      "description": "QES versions 2.2.x ant\u00e9rieures \u00e0 2.2.1 build 20250304",
      "product": {
        "name": "QES",
        "vendor": {
          "name": "Qnap",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-26465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26465"
    },
    {
      "name": "CVE-2025-33031",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33031"
    },
    {
      "name": "CVE-2024-56805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-56805"
    },
    {
      "name": "CVE-2024-50406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50406"
    },
    {
      "name": "CVE-2025-22482",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22482"
    },
    {
      "name": "CVE-2025-26466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26466"
    },
    {
      "name": "CVE-2025-29872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29872"
    },
    {
      "name": "CVE-2025-29892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29892"
    },
    {
      "name": "CVE-2025-22490",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22490"
    },
    {
      "name": "CVE-2025-29873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29873"
    },
    {
      "name": "CVE-2025-29884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29884"
    },
    {
      "name": "CVE-2025-33035",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-33035"
    },
    {
      "name": "CVE-2025-29876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29876"
    },
    {
      "name": "CVE-2025-22485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22485"
    },
    {
      "name": "CVE-2024-13087",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13087"
    },
    {
      "name": "CVE-2025-22484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22484"
    },
    {
      "name": "CVE-2023-28370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28370"
    },
    {
      "name": "CVE-2025-29877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29877"
    },
    {
      "name": "CVE-2025-29883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29883"
    },
    {
      "name": "CVE-2025-30279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30279"
    },
    {
      "name": "CVE-2025-22486",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22486"
    },
    {
      "name": "CVE-2025-29871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29871"
    },
    {
      "name": "CVE-2024-6387",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-6387"
    },
    {
      "name": "CVE-2025-22481",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22481"
    },
    {
      "name": "CVE-2024-13088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-13088"
    },
    {
      "name": "CVE-2025-29885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-29885"
    }
  ],
  "initial_release_date": "2025-06-10T00:00:00",
  "last_revision_date": "2025-06-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0486",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-06-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Injection SQL (SQLi)"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Qnap. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Qnap",
  "vendor_advisories": [
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-17",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-17"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-11",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-11"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-14",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-14"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-10",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-10"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-09",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-09"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-15",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-15"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-13",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-13"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-16",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-16"
    },
    {
      "published_at": "2025-06-07",
      "title": "Bulletin de s\u00e9curit\u00e9 Qnap QSA-25-12",
      "url": "https://www.qnap.com/go/security-advisory/qsa-25-12"
    }
  ]
}

CERTFR-2025-AVI-0583

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	Apstra	Apstra versions antérieures à 6.0.0
Juniper Networks	Security Director	Security Director versions antérieures à 24.4.1-1703
Juniper Networks	CTPView	CTPview versions antérieures à 9.3R2
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 21.4R3-S7-EVO, 22.2R3-S6-EVO, 22.2R3-S7-EVO, 22.3R3-S3-EVO, 22.4R3-S5-EVO, 22.4R3-S6-EVO, 22.4R3-S7-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S3-EVO, 23.2R2-S4-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S4-EVO, 23.4R2-S5-EVO, 24.2R1-EVO, 24.2R2-EVO, 24.2R2-S1-EVO, 24.4R1-EVO, 24.4R1-S2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.1R1-EVO et 25.2R1-EVO
Juniper Networks	Junos OS	Junos OS versions antérieures à 21.2R3-S9, 21.4R3-S10, 21.4R3-S11, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.2R3-S1, 22.2R3-S4, 22.2R3-S5, 22.2R3-S6, 22.2R3-S7, 22.3R3-S3, 22.4R2, 22.4R3-S2, 22.4R3-S5, 22.4R3-S6, 22.4R3-S7, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S3, 23.2R2-S4, 23.4R1-S2, 23.4R2, 23.4R2-S3, 23.4R2-S4, 23.4R2-S5, 24.2R1, 24.2R1-S1, 24.2R1-S2, 24.2R2, 24.2R2-S1, 24.4R1, 24.4R1-S2, 24.4R1-S3, 24.4R2 et 25.2R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks CVE-2025-52988	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52963	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52958	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52985	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52986	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2024-3596	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52989	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52981	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52983	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52946	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52954	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52953	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52947	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52949	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks 2025-07-Security-Bulletin-Juniper-Apstra-Multiple-Vulnerabilities-resolved-in-Intel-microcode-package	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-26466	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52955	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52952	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-30661	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52951	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52984	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52948	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52964	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52982	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52950	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-52980	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks CVE-2025-6549	2025-07-09	vendor-advisory
Bulletin de sécurité Juniper Networks 2025-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-for-Insecure-Implementation-of-Tunneling-Protocols-GRE-IPIP-4in6-6in4-VU-199397	2025-07-09	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Apstra versions ant\u00e9rieures \u00e0 6.0.0",
      "product": {
        "name": "Apstra",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Security Director versions ant\u00e9rieures \u00e0 24.4.1-1703",
      "product": {
        "name": "Security Director",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "CTPview versions ant\u00e9rieures \u00e0 9.3R2",
      "product": {
        "name": "CTPView",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 21.4R3-S7-EVO, 22.2R3-S6-EVO, 22.2R3-S7-EVO, 22.3R3-S3-EVO, 22.4R3-S5-EVO, 22.4R3-S6-EVO, 22.4R3-S7-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.2R2-S3-EVO, 23.2R2-S4-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 23.4R2-S4-EVO, 23.4R2-S5-EVO, 24.2R1-EVO, 24.2R2-EVO, 24.2R2-S1-EVO, 24.4R1-EVO, 24.4R1-S2-EVO, 24.4R1-S3-EVO, 24.4R2-EVO, 25.1R1-EVO et 25.2R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 21.2R3-S9, 21.4R3-S10, 21.4R3-S11, 21.4R3-S7, 21.4R3-S8, 21.4R3-S9, 22.2R3-S1, 22.2R3-S4, 22.2R3-S5, 22.2R3-S6, 22.2R3-S7, 22.3R3-S3, 22.4R2, 22.4R3-S2, 22.4R3-S5, 22.4R3-S6, 22.4R3-S7, 23.2R1, 23.2R2, 23.2R2-S1, 23.2R2-S3, 23.2R2-S4, 23.4R1-S2, 23.4R2, 23.4R2-S3, 23.4R2-S4, 23.4R2-S5, 24.2R1, 24.2R1-S1, 24.2R1-S2, 24.2R2, 24.2R2-S1, 24.4R1, 24.4R1-S2, 24.4R1-S3, 24.4R2 et 25.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-52984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52984"
    },
    {
      "name": "CVE-2020-10136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-10136"
    },
    {
      "name": "CVE-2024-23918",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23918"
    },
    {
      "name": "CVE-2024-21820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21820"
    },
    {
      "name": "CVE-2025-52950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52950"
    },
    {
      "name": "CVE-2025-52983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52983"
    },
    {
      "name": "CVE-2025-52952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52952"
    },
    {
      "name": "CVE-2025-52963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52963"
    },
    {
      "name": "CVE-2024-3596",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3596"
    },
    {
      "name": "CVE-2025-26466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-26466"
    },
    {
      "name": "CVE-2024-23984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23984"
    },
    {
      "name": "CVE-2025-52986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52986"
    },
    {
      "name": "CVE-2025-52988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52988"
    },
    {
      "name": "CVE-2025-52949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52949"
    },
    {
      "name": "CVE-2025-6549",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-6549"
    },
    {
      "name": "CVE-2025-52954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52954"
    },
    {
      "name": "CVE-2024-7595",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-7595"
    },
    {
      "name": "CVE-2025-52947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52947"
    },
    {
      "name": "CVE-2025-52958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52958"
    },
    {
      "name": "CVE-2025-52964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52964"
    },
    {
      "name": "CVE-2025-52946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52946"
    },
    {
      "name": "CVE-2024-21853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21853"
    },
    {
      "name": "CVE-2025-52951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52951"
    },
    {
      "name": "CVE-2025-23019",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23019"
    },
    {
      "name": "CVE-2025-52955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52955"
    },
    {
      "name": "CVE-2025-23018",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23018"
    },
    {
      "name": "CVE-2025-52948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52948"
    },
    {
      "name": "CVE-2025-52981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52981"
    },
    {
      "name": "CVE-2024-24968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-24968"
    },
    {
      "name": "CVE-2025-52953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52953"
    },
    {
      "name": "CVE-2025-52985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52985"
    },
    {
      "name": "CVE-2025-52989",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52989"
    },
    {
      "name": "CVE-2025-52980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52980"
    },
    {
      "name": "CVE-2025-52982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-52982"
    },
    {
      "name": "CVE-2025-30661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-30661"
    }
  ],
  "initial_release_date": "2025-07-10T00:00:00",
  "last_revision_date": "2025-07-10T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0583",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-07-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52988",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Privilege-escalation-via-CLI-command-request-system-logout-CVE-2025-52988"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52963",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-A-low-privileged-user-can-disable-an-interface-CVE-2025-52963"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52958",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-route-validation-is-enabled-BGP-connection-establishment-failure-causes-RPD-crash-CVE-2025-52958"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52985",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-When-a-control-plane-firewall-filter-refers-to-a-prefix-list-with-more-then-10-entries-it-s-not-matching-CVE-2025-52985"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52986",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-RIB-sharding-is-configured-each-time-a-show-command-is-executed-RPD-memory-leaks-CVE-2025-52986"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2024-3596",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Vulnerability-in-the-RADIUS-protocol-for-Subscriber-Management-Blast-RADIUS-CVE-2024-3596"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52989",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Annotate-configuration-command-can-be-used-for-privilege-escalation-CVE-2025-52989"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52981",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-Sequence-of-specific-PIM-packets-causes-a-flowd-crash-CVE-2025-52981"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52983",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-After-removing-ssh-public-key-authentication-root-can-still-log-in-CVE-2025-52983"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52946",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-With-traceoptions-enabled-receipt-of-malformed-AS-PATH-causes-RPD-crash-CVE-2025-52946"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52954",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-A-low-privileged-user-can-execute-CLI-commands-and-modify-the-configuration-compromise-the-system-CVE-2025-52954"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52953",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-An-unauthenticated-adjacent-attacker-sending-a-valid-BGP-UPDATE-packet-forces-a-BGP-session-reset-CVE-2025-52953"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52947",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-ACX-Series-When-hot-standby-mode-is-configured-for-an-L2-circuit-interface-flap-causes-the-FEB-to-crash"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52949",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-In-an-EVPN-environment-receipt-of-a-specifically-malformed-BGP-update-causes-RPD-crash-CVE-2025-52949"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-07-Security-Bulletin-Juniper-Apstra-Multiple-Vulnerabilities-resolved-in-Intel-microcode-package",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Juniper-Apstra-Multiple-Vulnerabilities-resolved-in-Intel-microcode-package"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-26466",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-CTPView-OpenSSH-vulnerability-CVE-2025-26466-resolved-in-9-3R2-release"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52955",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-When-jflow-sflow-is-enabled-receipt-of-specific-route-updates-causes-rpd-crash-CVE-2025-52955"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52952",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-MX-Series-with-MPC-BUILTIN-MPC-1-through-MPC-9-Receipt-and-processing-of-a-malformed-packet-causes-one-or-more-FPCs-to-crash-CVE-2025-52952"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-30661",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Low-privileged-user-can-cause-script-to-run-as-root-leading-to-privilege-escalation-CVE-2025-30661"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52951",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-IPv6-firewall-filter-fails-to-match-payload-protocol-CVE-2025-52951"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52984",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-a-static-route-points-to-an-unreachable-next-hop-and-a-gNMI-query-for-this-route-is-processed-RPD-crashes-CVE-2025-52984"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52948",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Specific-unknown-traffic-pattern-causes-FPC-and-system-to-crash-when-packet-capturing-is-enabled-CVE-2025-52948"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52964",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Junos-OS-and-Junos-OS-Evolved-Receipt-of-a-specific-BGP-UPDATE-causes-an-rpd-crash-on-devices-with-BGP-multipath-configured-CVE-2025-52964"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52982",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-MX-Series-When-specific-SIP-packets-are-processed-the-MS-MPC-will-crash-CVE-2025-52982"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52950",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Juniper-Security-Director-Insufficient-authorization-for-multiple-endpoints-in-web-interface-CVE-2025-52950"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-52980",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX300-Series-Upon-receiving-a-specific-valid-BGP-UPDATE-message-rpd-will-crash-CVE-2025-52980"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-6549",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-SRX-Series-J-Web-can-be-exposed-on-additional-interfaces-CVE-2025-6549"
    },
    {
      "published_at": "2025-07-09",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2025-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-for-Insecure-Implementation-of-Tunneling-Protocols-GRE-IPIP-4in6-6in4-VU-199397",
      "url": "https://supportportal.juniper.net/s/article/2025-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-for-Insecure-Implementation-of-Tunneling-Protocols-GRE-IPIP-4in6-6in4-VU-199397"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2025-26466 (GCVE-0-2025-26466)

Vulnerability from cvelistv5

CERTFR-2025-AVI-1021

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0139

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0393

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0486

Vulnerability from certfr_avis

Solutions

CERTFR-2025-AVI-0583

Vulnerability from certfr_avis

Solutions

Tags

Sightings

Nomenclature