4 vulnerabilities found for EOS by Arista Networks
CVE-2025-8872 (GCVE-0-2025-8872)
Vulnerability from nvd
Published
2025-12-16 19:32
Modified
2025-12-16 19:51
Severity
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSPFv3 process to have high CPU utilization, which may result in the OSPFv3 process being restarted. This may cause disruption in the OSPFv3 routes on the switch.
This issue was discovered internally by Arista, and Arista is not aware of any malicious uses of this issue in customer networks.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Arista Networks | EOS | Version: 4.34.0 <; Version: 4.33.0 <; Version: 4.32.0 <; Version: 4.31.0 <; Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T19:50:49.156832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:51:10.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"710/710XP Series",
"720XP/722XPM Series",
"750X Series",
"7010 Series",
"7010X Series",
"7020R Series",
"7130 Series running EOS",
"7150 Series",
"7160 Series",
"7170 Series",
"7050X/X2/X3/X4 Series",
"7060X/X2/X4/X5/X6 Series",
"7250X Series",
"7260X/X3 Series",
"7280E/R/R2/R3 Series",
"7300X/X3 Series",
"7320X Series",
"7358X4 Series",
"7368X4 Series",
"7388X5 Series",
"7500E/R/R2/R3 Series",
"7700R4 Series",
"7800R3/R4 Series",
"AWE 5000 Series",
"AWE 7200R Series",
"CloudEOS",
"cEOS-lab",
"vEOS-lab",
"CloudVision eXchange",
"virtual or physical appliance"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.34.1F",
"status": "affected",
"version": "4.34.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.4M",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.7M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.8M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-8872, the following condition must be met:\u003c/p\u003e\u003cp\u003eThe OSFPv3 protocol must be configured in either the default or non default vrf and at least one neighbor must be present\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ospfv3\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" with ID 192.0.2.0 and Instance 0 VRF default\n FIPS mode disabled\n Maximum number of LSAs allowed 0\n Exceed action disable\n LSA limit for warning message 75%\n Disabled-time 5 minutes, clear timeout 5 minutes\n Incident count 0, incident count limit 5\n It is an autonomous system boundary router and is not an area border router\n Minimum LSA arrival interval 1000 msecs\n Initial LSA throttle delay 1000 msecs\n Minimum hold time for LSA throttle 5000 msecs\n Maximum wait time for LSA throttle 5000 msecs\n It has 1 fully adjacent neighbors\n Number of areas in this router is 1. 1 normal, 0 stub, 0 nssa\n Number of LSAs 8\n Initial SPF schedule delay 0 msecs\n Minimum hold time between two consecutive SPFs 5000 msecs\n Current hold time between two consecutive SPFs 5000 msecs\n Maximum wait time between two consecutive SPFs 5000 msecs\n SPF algorithm last executed 00:04:52 ago\n No scheduled SPF\n Adjacency exchange-start threshold is 20\n Maximum number of next-hops supported in ECMP is 128\n Number of backbone neighbors is 0\n Graceful-restart is not configured\n Graceful-restart-helper mode is enabled\n Area 0.0.0.0\n Number of interface in this area is 1\n It is a normal area\n SPF algorithm executed 6 times\n \nswitch\u0026gt;show ospfv3 neighbor\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" Instance 0 VRF default\nNeighbor 192.0.3.0 VRF default priority is 1, state is Full\n In area 0.0.0.0 interface Ethernet4\n Adjacency was established 00:00:49 ago\n Current state was established 00:00:49 ago\n DR is 3.3.3.3 BDR is 2.2.2.2\n Options is E R V6\n Dead timer is due in 29 seconds\n 
Graceful-restart-helper mode is Inactive\n Graceful-restart attempts: 0\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OSFPv3 is not configured there is no exposure to this issue and the show command will not produce any output\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ospfv3\n \nswitch\u0026gt;show ospfv3 neighbor\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-8872, the following condition must be met:\n\nThe OSFPv3 protocol must be configured in either the default or non default vrf and at least one neighbor must be present\n\nswitch\u003eshow ospfv3\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" with ID 192.0.2.0 and Instance 0 VRF default\n FIPS mode disabled\n Maximum number of LSAs allowed 0\n Exceed action disable\n LSA limit for warning message 75%\n Disabled-time 5 minutes, clear timeout 5 minutes\n Incident count 0, incident count limit 5\n It is an autonomous system boundary router and is not an area border router\n Minimum LSA arrival interval 1000 msecs\n Initial LSA throttle delay 1000 msecs\n Minimum hold time for LSA throttle 5000 msecs\n Maximum wait time for LSA throttle 5000 msecs\n It has 1 fully adjacent neighbors\n Number of areas in this router is 1. 1 normal, 0 stub, 0 nssa\n Number of LSAs 8\n Initial SPF schedule delay 0 msecs\n Minimum hold time between two consecutive SPFs 5000 msecs\n Current hold time between two consecutive SPFs 5000 msecs\n Maximum wait time between two consecutive SPFs 5000 msecs\n SPF algorithm last executed 00:04:52 ago\n No scheduled SPF\n Adjacency exchange-start threshold is 20\n Maximum number of next-hops supported in ECMP is 128\n Number of backbone neighbors is 0\n Graceful-restart is not configured\n Graceful-restart-helper mode is enabled\n Area 0.0.0.0\n Number of interface in this area is 1\n It is a normal area\n SPF algorithm executed 6 times\n \nswitch\u003eshow ospfv3 neighbor\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" Instance 0 VRF default\nNeighbor 192.0.3.0 VRF default priority is 1, state is Full\n In area 0.0.0.0 interface Ethernet4\n Adjacency was established 00:00:49 ago\n Current state was established 00:00:49 ago\n DR is 3.3.3.3 BDR is 2.2.2.2\n Options is E R V6\n Dead timer is due in 29 seconds\n Graceful-restart-helper mode is Inactive\n Graceful-restart attempts: 
0\n\n\n\u00a0\n\nIf OSFPv3 is not configured there is no exposure to this issue and the show command will not produce any output\n\nswitch\u003eshow ospfv3\n \nswitch\u003eshow ospfv3 neighbor"
}
],
"datePublic": "2025-12-16T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.\u003c/p\u003e\u003cp\u003eThis issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.\n\nThis issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:32:20.528Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23115-security-advisory-0128"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/p\u003e\u003cp\u003eArista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003c/p\u003e\u003cp\u003eFor more information about upgrading see: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-8872 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.34.2F and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.5M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.8M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.9M and later releases in the 4.31.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nArista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nFor more information about upgrading see: EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-8872 has been fixed in the following releases:\n\n * 4.34.2F and later releases in the 4.34.x train\n * 4.33.5M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.9M and later releases in the 4.31.x train"
}
],
"source": {
"advisory": "128",
"defect": [
"BUG1203059"
],
"discovery": "INTERNAL"
},
"title": "A specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no workaround to mitigate the issue.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no workaround to mitigate the issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-8872",
"datePublished": "2025-12-16T19:32:20.528Z",
"dateReserved": "2025-08-11T18:18:36.004Z",
"dateUpdated": "2025-12-16T19:51:10.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8870 (GCVE-0-2025-8870)
Vulnerability from nvd
Published
2025-11-14 15:57
Modified
2025-11-14 16:29
Severity
4.9 (Medium) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
5.6 (Medium) - CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
CWE
Summary
On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Arista Networks | EOS | Version: 4.34.2FX < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8870",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T16:28:58.202689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T16:29:13.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"710X Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.34.2FX",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn order to be vulnerable to CVE-2025-8870, both of the following conditions must be met:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn attacker must have a serial interface connection to the device or access to remotely access the console via the console port. Network remote access does not cause this issue.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDevice must be using the Synopsys Designware serial model:\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e#bash dmesg | grep \"Synopsys DesignWare\"\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e[ \u0026nbsp; 1.287358] 10200000.serial: ttyS0 at MMIO 0x10200000 (irq = 15, base_baud = 15625000) is a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eSynopsys DesignWare\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e[ \u0026nbsp; 1.287845] 10201000.serial: ttyS1 at MMIO 0x10201000 (irq = 164, base_baud = 15625000) is a Synopsys DesignWare\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-8870, both of the following conditions must be met:\n\n\n * An attacker must have a serial interface connection to the device or access to remotely access the console via the console port. Network remote access does not cause this issue.\n\n\nAND\n\n * Device must be using the Synopsys Designware serial model:\n\n\n\n#bash dmesg | grep \"Synopsys DesignWare\"\n\n[ \u00a0 1.287358] 10200000.serial: ttyS0 at MMIO 0x10200000 (irq = 15, base_baud = 15625000) is a Synopsys DesignWare\n\n[ \u00a0 1.287845] 10201000.serial: ttyS1 at MMIO 0x10201000 (irq = 164, base_baud = 15625000) is a Synopsys DesignWare"
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:eos:4.34.2fx:*:710x_series:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-11-11T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "PHYSICAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:57:04.673Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22811-security-advisory-0125"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVE-2025-8870 has been fixed in the following releases:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.35.0F and later releases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2025-8870 has been fixed in the following releases:\n\n * 4.35.0F and later releases"
}
],
"source": {
"defect": [
"1206724"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe mitigation is to limit access to the serial console.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The mitigation is to limit access to the serial console."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-8870",
"datePublished": "2025-11-14T15:57:04.673Z",
"dateReserved": "2025-08-11T18:15:44.614Z",
"dateUpdated": "2025-11-14T16:29:13.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8872 (GCVE-0-2025-8872)
Vulnerability from cvelistv5
Published
2025-12-16 19:32
Modified
2025-12-16 19:51
Severity
7.1 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSPFv3 process to have high CPU utilization, which may result in the OSPFv3 process being restarted. This may cause disruption in the OSPFv3 routes on the switch.
This issue was discovered internally by Arista, and Arista is not aware of any malicious uses of this issue in customer networks.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Arista Networks | EOS | Version: 4.34.0 <; Version: 4.33.0 <; Version: 4.32.0 <; Version: 4.31.0 <; Version: 0 < |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8872",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T19:50:49.156832Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:51:10.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"710/710XP Series",
"720XP/722XPM Series",
"750X Series",
"7010 Series",
"7010X Series",
"7020R Series",
"7130 Series running EOS",
"7150 Series",
"7160 Series",
"7170 Series",
"7050X/X2/X3/X4 Series",
"7060X/X2/X4/X5/X6 Series",
"7250X Series",
"7260X/X3 Series",
"7280E/R/R2/R3 Series",
"7300X/X3 Series",
"7320X Series",
"7358X4 Series",
"7368X4 Series",
"7388X5 Series",
"7500E/R/R2/R3 Series",
"7700R4 Series",
"7800R3/R4 Series",
"AWE 5000 Series",
"AWE 7200R Series",
"CloudEOS",
"cEOS-lab",
"vEOS-lab",
"CloudVision eXchange",
"virtual or physical appliance"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"lessThanOrEqual": "4.34.1F",
"status": "affected",
"version": "4.34.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.33.4M",
"status": "affected",
"version": "4.33.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.32.7M",
"status": "affected",
"version": "4.32.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.8M",
"status": "affected",
"version": "4.31.0",
"versionType": "custom"
},
{
"lessThanOrEqual": "4.31.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-8872, the following condition must be met:\u003c/p\u003e\u003cp\u003eThe OSFPv3 protocol must be configured in either the default or non default vrf and at least one neighbor must be present\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ospfv3\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" with ID 192.0.2.0 and Instance 0 VRF default\n FIPS mode disabled\n Maximum number of LSAs allowed 0\n Exceed action disable\n LSA limit for warning message 75%\n Disabled-time 5 minutes, clear timeout 5 minutes\n Incident count 0, incident count limit 5\n It is an autonomous system boundary router and is not an area border router\n Minimum LSA arrival interval 1000 msecs\n Initial LSA throttle delay 1000 msecs\n Minimum hold time for LSA throttle 5000 msecs\n Maximum wait time for LSA throttle 5000 msecs\n It has 1 fully adjacent neighbors\n Number of areas in this router is 1. 1 normal, 0 stub, 0 nssa\n Number of LSAs 8\n Initial SPF schedule delay 0 msecs\n Minimum hold time between two consecutive SPFs 5000 msecs\n Current hold time between two consecutive SPFs 5000 msecs\n Maximum wait time between two consecutive SPFs 5000 msecs\n SPF algorithm last executed 00:04:52 ago\n No scheduled SPF\n Adjacency exchange-start threshold is 20\n Maximum number of next-hops supported in ECMP is 128\n Number of backbone neighbors is 0\n Graceful-restart is not configured\n Graceful-restart-helper mode is enabled\n Area 0.0.0.0\n Number of interface in this area is 1\n It is a normal area\n SPF algorithm executed 6 times\n \nswitch\u0026gt;show ospfv3 neighbor\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" Instance 0 VRF default\nNeighbor 192.0.3.0 VRF default priority is 1, state is Full\n In area 0.0.0.0 interface Ethernet4\n Adjacency was established 00:00:49 ago\n Current state was established 00:00:49 ago\n DR is 3.3.3.3 BDR is 2.2.2.2\n Options is E R V6\n Dead timer is due in 29 seconds\n 
Graceful-restart-helper mode is Inactive\n Graceful-restart attempts: 0\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OSFPv3 is not configured there is no exposure to this issue and the show command will not produce any output\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ospfv3\n \nswitch\u0026gt;show ospfv3 neighbor\u003c/pre\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-8872, the following condition must be met:\n\nThe OSFPv3 protocol must be configured in either the default or non default vrf and at least one neighbor must be present\n\nswitch\u003eshow ospfv3\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" with ID 192.0.2.0 and Instance 0 VRF default\n FIPS mode disabled\n Maximum number of LSAs allowed 0\n Exceed action disable\n LSA limit for warning message 75%\n Disabled-time 5 minutes, clear timeout 5 minutes\n Incident count 0, incident count limit 5\n It is an autonomous system boundary router and is not an area border router\n Minimum LSA arrival interval 1000 msecs\n Initial LSA throttle delay 1000 msecs\n Minimum hold time for LSA throttle 5000 msecs\n Maximum wait time for LSA throttle 5000 msecs\n It has 1 fully adjacent neighbors\n Number of areas in this router is 1. 1 normal, 0 stub, 0 nssa\n Number of LSAs 8\n Initial SPF schedule delay 0 msecs\n Minimum hold time between two consecutive SPFs 5000 msecs\n Current hold time between two consecutive SPFs 5000 msecs\n Maximum wait time between two consecutive SPFs 5000 msecs\n SPF algorithm last executed 00:04:52 ago\n No scheduled SPF\n Adjacency exchange-start threshold is 20\n Maximum number of next-hops supported in ECMP is 128\n Number of backbone neighbors is 0\n Graceful-restart is not configured\n Graceful-restart-helper mode is enabled\n Area 0.0.0.0\n Number of interface in this area is 1\n It is a normal area\n SPF algorithm executed 6 times\n \nswitch\u003eshow ospfv3 neighbor\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" Instance 0 VRF default\nNeighbor 192.0.3.0 VRF default priority is 1, state is Full\n In area 0.0.0.0 interface Ethernet4\n Adjacency was established 00:00:49 ago\n Current state was established 00:00:49 ago\n DR is 3.3.3.3 BDR is 2.2.2.2\n Options is E R V6\n Dead timer is due in 29 seconds\n Graceful-restart-helper mode is Inactive\n Graceful-restart attempts: 
0\n\n\n\u00a0\n\nIf OSFPv3 is not configured there is no exposure to this issue and the show command will not produce any output\n\nswitch\u003eshow ospfv3\n \nswitch\u003eshow ospfv3 neighbor"
}
],
"datePublic": "2025-12-16T16:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eOn affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.\u003c/p\u003e\u003cp\u003eThis issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.\u003c/p\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.\n\nThis issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks."
}
],
"impacts": [
{
"capecId": "CAPEC-130",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-130 Excessive Allocation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T19:32:20.528Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23115-security-advisory-0128"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/p\u003e\u003cp\u003eArista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003c/p\u003e\u003cp\u003eFor more information about upgrading see: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-8872 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.34.2F and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.5M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.8M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.9M and later releases in the 4.31.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nArista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nFor more information about upgrading see: EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-8872 has been fixed in the following releases:\n\n * 4.34.2F and later releases in the 4.34.x train\n * 4.33.5M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.9M and later releases in the 4.31.x train"
}
],
"source": {
"advisory": "128",
"defect": [
"BUG1203059"
],
"discovery": "INTERNAL"
},
"title": "A specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no workaround to mitigate the issue.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "There is no workaround to mitigate the issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-8872",
"datePublished": "2025-12-16T19:32:20.528Z",
"dateReserved": "2025-08-11T18:18:36.004Z",
"dateUpdated": "2025-12-16T19:51:10.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-8870 (GCVE-0-2025-8870)
Vulnerability from cvelistv5
Published
2025-11-14 15:57
Modified
2025-11-14 16:29
Severity
4.9 (Medium) - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
5.6 (Medium) - CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
CWE
Summary
On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Arista Networks | EOS | 4.34.2FX |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8870",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T16:28:58.202689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T16:29:13.516Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"710X Series"
],
"product": "EOS",
"vendor": "Arista Networks",
"versions": [
{
"status": "affected",
"version": "4.34.2FX",
"versionType": "custom"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eIn order to be vulnerable to CVE-2025-8870, both of the following conditions must be met:\u003c/span\u003e\u003c/p\u003e\u003cbr\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAn attacker must have a serial interface connection to the device or access to remotely access the console via the console port. Network remote access does not cause this issue.\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eAND\u003c/span\u003e\u003c/p\u003e\u003col\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eDevice must be using the Synopsys Designware serial model:\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ol\u003e\u003cbr\u003e\u003cdiv\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e#bash dmesg | grep \"Synopsys DesignWare\"\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e[ \u0026nbsp; 1.287358] 10200000.serial: ttyS0 at MMIO 0x10200000 (irq = 15, base_baud = 15625000) is a \u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 0);\"\u003eSynopsys DesignWare\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e[ \u0026nbsp; 1.287845] 10201000.serial: ttyS1 at MMIO 0x10201000 (irq = 164, base_baud = 15625000) is a Synopsys DesignWare\u003c/span\u003e\u003c/p\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003c/div\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "In order to be vulnerable to CVE-2025-8870, both of the following conditions must be met:\n\n\n * An attacker must have a serial interface connection to the device or access to remotely access the console via the console port. Network remote access does not cause this issue.\n\n\nAND\n\n * Device must be using the Synopsys Designware serial model:\n\n\n\n#bash dmesg | grep \"Synopsys DesignWare\"\n\n[ \u00a0 1.287358] 10200000.serial: ttyS0 at MMIO 0x10200000 (irq = 15, base_baud = 15625000) is a Synopsys DesignWare\n\n[ \u00a0 1.287845] 10201000.serial: ttyS1 at MMIO 0x10201000 (irq = 164, base_baud = 15625000) is a Synopsys DesignWare"
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:arista_networks:eos:4.34.2fx:*:710x_series:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2025-11-11T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eOn affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153"
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "PHYSICAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:57:04.673Z",
"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"shortName": "Arista"
},
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22811-security-advisory-0125"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see \u003c/span\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003e\u003cspan style=\"background-color: transparent;\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e\u003cbr\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003eCVE-2025-8870 has been fixed in the following releases:\u003c/span\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e\u003cp\u003e\u003cspan style=\"background-color: transparent;\"\u003e4.35.0F and later releases\u003c/span\u003e\u003c/p\u003e\u003c/li\u003e\u003c/ul\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\nCVE-2025-8870 has been fixed in the following releases:\n\n * 4.35.0F and later releases"
}
],
"source": {
"defect": [
"1206724"
],
"discovery": "INTERNAL"
},
"title": "On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cb\u003e\u003cspan style=\"background-color: transparent;\"\u003eThe mitigation is to limit access to the serial console.\u003c/span\u003e\u003c/b\u003e\u003cbr\u003e"
}
],
"value": "The mitigation is to limit access to the serial console."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
"assignerShortName": "Arista",
"cveId": "CVE-2025-8870",
"datePublished": "2025-11-14T15:57:04.673Z",
"dateReserved": "2025-08-11T18:15:44.614Z",
"dateUpdated": "2025-11-14T16:29:13.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}