Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2025-5089
PUBLISHED
More InfoOfficial Page
Assigner-Arista
Assigner Org ID-c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7
View Known Exploited Vulnerability (KEV) details
Published At-05 Jun, 2026 | 15:44
Updated At-05 Jun, 2026 | 15:44
Rejected At-
▼CVE Numbering Authority (CNA)
Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent crash on the EOS device causing a soft reset of the switch or agent crashes on the CVX server causing instability of the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to already have a high privilege access to the connected device to be able to send custom TCP packets. EOS switches that are not connected to a CVX server are not impacted.

Affected Products
Vendor
Arista Networks, Inc.Arista Networks
Product
EOS / CloudVision eXchange (CVX)
Platforms
  • CloudVision eXchange
  • virtual or physical appliance
Default Status
unaffected
Versions
Affected
  • From 4.34.0F through 4.34.1F (custom)
  • From 4.33.0M through 4.33.4M (custom)
  • From 4.32.0M through 4.32.6M (custom)
  • From 4.31.0M through 4.31.8M (custom)
  • From 4.30.0 before 4.31.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.07.1HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Version: 4.0
Base score: 7.1
Base severity: HIGH
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. CVE-2025-5089 has been fixed in the following releases: * 4.34.2F and later releases in the 4.34.x train * 4.33.5M and later releases in the 4.33.x train * 4.32.7M and later releases in the 4.32.x train * 4.31.9M and later releases in the 4.31.x train

Configurations

In order to be vulnerable to CVE-2025-5089, the following condition must be met: CVX must be configured: cvx1#show cvx Status: Enabled Mode: Standalone Heartbeat interval: 20.0 Heartbeat timeout: 60.0 Client connection state preserving: Disabled cvx1#show running-config section cvx cvx no shutdown

Workarounds

There is no mitigation for this issue.

Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.arista.com/en/support/advisories-notices/security-advisory/22868-security-advisory-0126
vendor-advisory
Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisory/22868-security-advisory-0126
Resource:
vendor-advisory
Details not found