CVE-2025-30656

HIGH
Published Apr 9, 2025 Modified Jan 23, 2026 CWE-167

Description

An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS. This issue affects Junos OS on MX Series and SRX Series:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2.

Is your site exposed to CVE-2025-30656?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weakness Type (CWE)

CWE-167 CWE-167

Affected Products

Vendor Product
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper junos
juniper mx10004
juniper mx10008
juniper mx2008
juniper mx2010
juniper mx2020
juniper mx204
juniper mx240
juniper mx304
juniper mx480
juniper mx960
juniper srx1500
juniper srx1600
juniper srx2300
juniper srx300
juniper srx320
juniper srx340
juniper srx345
juniper srx380
juniper srx4100
juniper srx4120
juniper srx4200
juniper srx4300
juniper srx4600
juniper srx4700
juniper srx5400
juniper srx5600
juniper srx5800

References

Frequently Asked Questions

What is CVE-2025-30656? +
An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MS-MPC, MS-MIC and SPC3, and SRX Series, allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur which will lead to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS. This issue affects Junos OS on MX Series and SRX Series:  * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R1-S2, 24.2R2. It has a CVSS v3.1 base score of 7.5 (HIGH).
How severe is CVE-2025-30656? +
CVE-2025-30656 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-30656? +
CVE-2025-30656 affects products from juniper, specifically: junos, mx10004, mx10008, mx2008, mx2010, mx2020, mx204, mx240, mx304, mx480, mx960, srx1500, srx1600, srx2300, srx300, srx320, srx340, srx345, srx380, srx4100, srx4120, srx4200, srx4300, srx4600, srx4700, srx5400, srx5600, srx5800. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-30656? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-30656 — free, no signup required.