CVE-2025-59960 - Vulnerability Details

Vendors	Products
Juniper Networks	Junos Os Junos Os Evolved

Link	Providers
https://kb.juniper.net/JSA103149
https://supportportal.juniper.net/

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Type	Values Removed	Values Added
First Time appeared		Juniper Networks Juniper Networks junos Os Juniper Networks junos Os Evolved
Vendors & Products		Juniper Networks Juniper Networks junos Os Juniper Networks junos Os Evolved

Type	Values Removed	Values Added
Description		An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server. By default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in 'forward-only' mode with Option 82, the device should drop the message unless 'trust-option82' is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server's address pool, ultimately leading to address pool exhaustion. This issue affects Junos OS: * all versions before 21.2R3-S10, * from 21.4 before 21.4R3-S12, * all versions of 22.2, * from 22.4 before 22.4R3-S8, * from 23.2 before 23.2R2-S5, * from 23.4 before 23.4R2-S6, * from 24.2 before 24.2R2-S2, * from 24.4 before 24.4R2, * from 25.2 before 25.2R1-S1, 25.2R2. Junos OS Evolved: * all versions before 21.4R3-S12-EVO, * all versions of 22.2-EVO, * from 22.4 before 22.4R3-S8-EVO, * from 23.2 before 23.2R2-S5-EVO, * from 23.4 before 23.4R2-S6-EVO, * from 24.2 before 24.2R2-S2-EVO, * from 24.4 before 24.4R2-EVO, * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.
Title		Junos OS and Junos OS Evolved: DHCP Option 82 messages from clients being passed unmodified to the DHCP server
Weaknesses		CWE-754
References		https://kb.juniper.net/JSA103149 https://supportportal.juniper.net/
Metrics		cvssV3_1 `{'score': 7.4, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}` cvssV4_0 `{'score': 6.3, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:H/AU:Y/R:U/V:C/RE:M/U:Amber'}`

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-59960", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2025-09-23T18:19:06.954Z", "datePublished": "2026-01-15T20:14:00.582Z", "dateUpdated": "2026-01-16T16:27:58.152Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S10", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.4R3-S12", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.2*", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.4R3-S8", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2-S5", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2-S6", "status": "affected", "version": "23.4", "versionType": "semver"}, {"lessThan": "24.2R2-S2", "status": "affected", "version": "24.2", "versionType": "semver"}, {"lessThan": "24.4R2", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R1-S1, 25.2R2", "status": "affected", "version": "25.2", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.4R3-S12-EVO", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "22.2*", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.4R3-S8-EVO", "status": "affected", "version": "22.4", "versionType": "semver"}, {"lessThan": "23.2R2-S5-EVO", "status": "affected", "version": "23.2", "versionType": "semver"}, {"lessThan": "23.4R2-S6-EVO", "status": "affected", "version": "23.4", "versionType": "semver"}, {"lessThan": "24.2R2-S2-EVO", "status": "affected", "version": "24.2", "versionType": "semver"}, {"lessThan": "24.4R2-EVO", "status": "affected", "version": "24.4", "versionType": "semver"}, {"lessThan": "25.2R1-S1-EVO, 25.2R2-EVO", "status": "affected", "version": "25.2", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "DHCP Relay must be configured for forward-only to be vulnerable to this issue: <tt>[ forwarding-options dhcp-relay forward-only ] </tt>"}], "value": "DHCP Relay must be configured for forward-only to be vulnerable to this issue:\n\n[ forwarding-options dhcp-relay forward-only ]"}], "datePublic": "2026-01-14T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server. \n\nBy default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in 'forward-only' mode with Option 82, the device should drop the message unless 'trust-option82' is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server's address pool, ultimately leading to address pool exhaustion. This issue affects Junos OS: <ul><li>all versions before 21.2R3-S10,</li><li>from 21.4 before 21.4R3-S12,</li><li>all versions of 22.2,</li><li>from 22.4 before 22.4R3-S8, </li><li>from 23.2 before 23.2R2-S5, </li><li>from 23.4 before 23.4R2-S6, </li><li>from 24.2 before 24.2R2-S2, </li><li>from 24.4 before 24.4R2, </li><li>from 25.2 before 25.2R1-S1, 25.2R2.</li></ul>Junos OS Evolved:<ul><li>all versions before 21.4R3-S12-EVO, </li><li>all versions of 22.2-EVO,</li><li>from 22.4 before 22.4R3-S8-EVO, </li><li>from 23.2 before 23.2R2-S5-EVO, </li><li>from 23.4 before 23.4R2-S6-EVO, </li><li>from 24.2 before 24.2R2-S2-EVO, </li><li>from 24.4 before 24.4R2-EVO, </li><li>from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.</li></ul>"}], "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server.\n\n\n\nBy default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in 'forward-only' mode with Option 82, the device should drop the message unless 'trust-option82' is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server's address pool, ultimately leading to address pool exhaustion.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * all versions before 21.2R3-S10,\n * from 21.4 before 21.4R3-S12,\n * all versions of 22.2,\n * from 22.4 before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S5,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S2,\u00a0\n * from 24.4 before 24.4R2,\u00a0\n * from 25.2 before 25.2R1-S1, 25.2R2.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 21.4R3-S12-EVO,\u00a0\n * all versions of 22.2-EVO,\n * from 22.4 before 22.4R3-S8-EVO,\u00a0\n * from 23.2 before 23.2R2-S5-EVO,\u00a0\n * from 23.4 before 23.4R2-S6-EVO,\u00a0\n * from 24.2 before 24.2R2-S2-EVO,\u00a0\n * from 24.4 before 24.4R2-EVO,\u00a0\n * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 6.3, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:H/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-01-15T20:14:00.582Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/"}, {"tags": ["vendor-advisory"], "url": "https://kb.juniper.net/JSA103149"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S10, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases. \n\nJunos OS Evolved 21.4R3-S12-EVO, 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.\n\n "}], "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS 21.2R3-S10, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\n\n\nJunos OS Evolved 21.4R3-S12-EVO, 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."}], "source": {"advisory": "JSA103149", "defect": ["1876407"], "discovery": "USER"}, "timeline": [{"lang": "en", "time": "2026-01-14T17:00:00.000Z", "value": "Initial Publication"}], "title": "Junos OS and Junos OS Evolved: DHCP Option 82 messages from clients being passed unmodified to the DHCP server", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-16T16:27:50.519720Z", "id": "CVE-2025-59960", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T16:27:58.152Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-59960", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-16T16:27:50.519720Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-16T16:27:54.742Z"}}], "cna": {"title": "Junos OS and Junos OS Evolved: DHCP Option 82 messages from clients being passed unmodified to the DHCP server", "source": {"defect": ["1876407"], "advisory": "JSA103149", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 6.3, "Automatable": "YES", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:H/AU:Y/R:U/V:C/RE:M/U:Amber", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "21.2R3-S10", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S12", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2*", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3-S8", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2-S5", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4R2-S6", "versionType": "semver"}, {"status": "affected", "version": "24.2", "lessThan": "24.2R2-S2", "versionType": "semver"}, {"status": "affected", "version": "24.4", "lessThan": "24.4R2", "versionType": "semver"}, {"status": "affected", "version": "25.2", "lessThan": "25.2R1-S1, 25.2R2", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "0", "lessThan": "21.4R3-S12-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2*", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3-S8-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.2", "lessThan": "23.2R2-S5-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.4", "lessThan": "23.4R2-S6-EVO", "versionType": "semver"}, {"status": "affected", "version": "24.2", "lessThan": "24.2R2-S2-EVO", "versionType": "semver"}, {"status": "affected", "version": "24.4", "lessThan": "24.4R2-EVO", "versionType": "semver"}, {"status": "affected", "version": "25.2", "lessThan": "25.2R1-S1-EVO, 25.2R2-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "timeline": [{"lang": "en", "time": "2026-01-14T17:00:00.000Z", "value": "Initial Publication"}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS 21.2R3-S10, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\n\n\nJunos OS Evolved 21.4R3-S12-EVO, 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S10, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases. \n\nJunos OS Evolved 21.4R3-S12-EVO, 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.\n\n ", "base64": false}]}], "datePublic": "2026-01-14T17:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/", "tags": ["vendor-advisory"]}, {"url": "https://kb.juniper.net/JSA103149", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server.\n\n\n\nBy default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in 'forward-only' mode with Option 82, the device should drop the message unless 'trust-option82' is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server's address pool, ultimately leading to address pool exhaustion.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * all versions before 21.2R3-S10,\n * from 21.4 before 21.4R3-S12,\n * all versions of 22.2,\n * from 22.4 before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S5,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S2,\u00a0\n * from 24.4 before 24.4R2,\u00a0\n * from 25.2 before 25.2R1-S1, 25.2R2.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 21.4R3-S12-EVO,\u00a0\n * all versions of 22.2-EVO,\n * from 22.4 before 22.4R3-S8-EVO,\u00a0\n * from 23.2 before 23.2R2-S5-EVO,\u00a0\n * from 23.4 before 23.4R2-S6-EVO,\u00a0\n * from 24.2 before 24.2R2-S2-EVO,\u00a0\n * from 24.4 before 24.4R2-EVO,\u00a0\n * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.", "supportingMedia": [{"type": "text/html", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server. \n\nBy default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in 'forward-only' mode with Option 82, the device should drop the message unless 'trust-option82' is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server's address pool, ultimately leading to address pool exhaustion. This issue affects Junos OS: <ul><li>all versions before 21.2R3-S10,</li><li>from 21.4 before 21.4R3-S12,</li><li>all versions of 22.2,</li><li>from 22.4 before 22.4R3-S8, </li><li>from 23.2 before 23.2R2-S5, </li><li>from 23.4 before 23.4R2-S6, </li><li>from 24.2 before 24.2R2-S2, </li><li>from 24.4 before 24.4R2, </li><li>from 25.2 before 25.2R1-S1, 25.2R2.</li></ul>Junos OS Evolved:<ul><li>all versions before 21.4R3-S12-EVO, </li><li>all versions of 22.2-EVO,</li><li>from 22.4 before 22.4R3-S8-EVO, </li><li>from 23.2 before 23.2R2-S5-EVO, </li><li>from 23.4 before 23.4R2-S6-EVO, </li><li>from 24.2 before 24.2R2-S2-EVO, </li><li>from 24.4 before 24.4R2-EVO, </li><li>from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.</li></ul>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-754", "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions"}]}], "configurations": [{"lang": "en", "value": "DHCP Relay must be configured for forward-only to be vulnerable to this issue:\n\n[ forwarding-options dhcp-relay forward-only ]", "supportingMedia": [{"type": "text/html", "value": "DHCP Relay must be configured for forward-only to be vulnerable to this issue: <tt>[ forwarding-options dhcp-relay forward-only ] </tt>", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2026-01-15T20:14:00.582Z"}}}, "cveMetadata": {"cveId": "CVE-2025-59960", "state": "PUBLISHED", "dateUpdated": "2026-01-16T16:27:58.152Z", "dateReserved": "2025-09-23T18:19:06.954Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2026-01-15T20:14:00.582Z", "assignerShortName": "juniper"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the Juniper DHCP service (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a DHCP client in one subnet to exhaust the address pools of other subnets, leading to a Denial of Service (DoS) on the downstream DHCP server.\n\n\n\nBy default, the DHCP relay agent inserts its own Option 82 information when forwarding client requests, optionally replacing any Option 82 information provided by the client. When a specific DHCP DISCOVER is received in 'forward-only' mode with Option 82, the device should drop the message unless 'trust-option82' is configured. Instead, the DHCP relay forwards these packets to the DHCP server unmodified, which uses up addresses in the DHCP server's address pool, ultimately leading to address pool exhaustion.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * all versions before 21.2R3-S10,\n * from 21.4 before 21.4R3-S12,\n * all versions of 22.2,\n * from 22.4 before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S5,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S2,\u00a0\n * from 24.4 before 24.4R2,\u00a0\n * from 25.2 before 25.2R1-S1, 25.2R2.\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 21.4R3-S12-EVO,\u00a0\n * all versions of 22.2-EVO,\n * from 22.4 before 22.4R3-S8-EVO,\u00a0\n * from 23.2 before 23.2R2-S5-EVO,\u00a0\n * from 23.4 before 23.4R2-S6-EVO,\u00a0\n * from 24.2 before 24.2R2-S2-EVO,\u00a0\n * from 24.4 before 24.4R2-EVO,\u00a0\n * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO."}], "id": "CVE-2025-59960", "lastModified": "2026-01-16T15:55:12.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "CONCENTRATED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2026-01-15T21:16:03.213", "references": [{"source": "sirt@juniper.net", "url": "https://kb.juniper.net/JSA103149"}, {"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "sirt@juniper.net", "type": "Primary"}]}

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact High

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact None

Subsequent System Availability Impact High

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object