CVE-2025-30658
HIGHDescription
A Missing Release of Memory after Effective Lifetime vulnerability in the Anti-Virus processing of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX platforms with Anti-Virus enabled, if a server sends specific content in the HTTP body of a response to a client request, these packets are queued by Anti-Virus processing in Juniper Buffers (jbufs) which are never released. When these jbufs are exhausted, the device stops forwarding all transit traffic. A jbuf memory leak can be noticed from the following logs: (<node>.)<fpc> Warning: jbuf pool id <#> utilization level (<current level>%) is above <threshold>%! To recover from this issue, the affected device needs to be manually rebooted to free the leaked jbufs. This issue affects Junos OS on SRX Series: * all versions before 21.2R3-S9, * 21.4 versions before 21.4R3-S10, * 22.2 versions before 22.2R3-S6, * 22.4 versions before 22.4R3-S6, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S3, * 24.2 versions before 24.2R2.
Is your site exposed to CVE-2025-30658?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | srx1500 |
| juniper | srx1600 |
| juniper | srx2300 |
| juniper | srx300 |
| juniper | srx320 |
| juniper | srx340 |
| juniper | srx345 |
| juniper | srx380 |
| juniper | srx4100 |
| juniper | srx4120 |
| juniper | srx4200 |
| juniper | srx4300 |
| juniper | srx4600 |
| juniper | srx4700 |
| juniper | srx5400 |
| juniper | srx5600 |
| juniper | srx5800 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2025-30658? +
How severe is CVE-2025-30658? +
What products are affected by CVE-2025-30658? +
How do I check if I'm vulnerable to CVE-2025-30658? +
Related Vulnerabilities
A denial-of-service security issue exists within the 1794-AENTR adapter due to improper memory handling of CIP protocol requests. This vulnerability …
Virtual attribute handling in Ping Identity PingDirectory in affected versions allows only authorized users to exhaust java memory heap when …
Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered …
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
A vulnerability in the management and VPN web servers of the Remote Access SSL VPN feature of Cisco Secure Firewall …
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature of Cisco IOS Software, IOS XE Software, Secure Firewall …