Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-3456
PUBLISHED
More InfoOfficial Page
Assigner-Arista
Assigner Org ID-c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7
View Known Exploited Vulnerability (KEV) details
Published At-25 Aug, 2025 | 20:02
Updated At-25 Aug, 2025 | 20:31
Rejected At-
▼CVE Numbering Authority (CNA)
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c

On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.

Affected Products
Vendor
Arista Networks, Inc.Arista Networks
Product
EOS
Platforms
  • EOS
Default Status
unaffected
Versions
Affected
  • 4.34.0F (custom)
  • From 4.33.0 through 4.33.3F (custom)
  • From 4.32.0 through 4.32.5M (custom)
  • From 4.31.0 through 4.31.7M (custom)
  • From 4.30.0 through 4.30.10M (custom)
  • From 4.29.0 through 4.29.10M (custom)
Problem Types
TypeCWE IDDescription
CWECWE-532CWE-532 Insertion of Sensitive Information into Log File
Type: CWE
CWE ID: CWE-532
Description: CWE-532 Insertion of Sensitive Information into Log File
Metrics
VersionBase scoreBase severityVector
3.13.8LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 3.8
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-545CAPEC-545: Pull Data from System Resources
CAPEC ID: CAPEC-545
Description: CAPEC-545: Pull Data from System Resources
Solutions

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades   CVE-2025-3456 has been fixed in the following releases: * 4.34.1F and later releases in the 4.34.x train * 4.33.4M and later releases in the 4.33.x train * 4.32.6M and later releases in the 4.32.x train * 4.31.8M and later releases in the 4.31.x train

Configurations

In order to be vulnerable to CVE-2025-3456, the following condition must be met: The global custom encryption key must be configured: switch#show running-config | sect management security management security    password encryption-key common custom <key>

Workarounds

There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience and afterwards rotate the custom global encryption-key.

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://https://www.arista.com/en/support/advisories-notices/security-advisory/22022-security-advisory-0122
N/A
Hyperlink: https://https://www.arista.com/en/support/advisories-notices/security-advisory/22022-security-advisory-0122
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found