CVE-2025-5090
MEDIUM
Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages
Title source: cna
Description
CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX, causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have high-privilege access to the connected switch in order to send custom TCP packets to the CVX.
References (1)
Core References
Vendor Advisory
https://www.arista.com/en/support/advisories-notices/security-advisory/22868-security-advisory-0126
Scores
CVSS v3
6.5
EPSS
0.0024
EPSS Percentile
14.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-20
Status
published
Products (5)
Arista Networks/EOS / CloudVision eXchange (CVX)
4.30.0 - 4.31.0
Arista Networks/EOS / CloudVision eXchange (CVX)
4.31.0 - 4.32.0
Arista Networks/EOS / CloudVision eXchange (CVX)
4.32.0M - 4.32.6M
Arista Networks/EOS / CloudVision eXchange (CVX)
4.33.0M - 4.33.4M
Arista Networks/EOS / CloudVision eXchange (CVX)
4.34.0F - 4.34.1F
Published
Jun 05, 2026
Tracked Since
Jun 05, 2026