Main Vulnerability Database Vulnerabilities #VU109873

Improper access control in Arista Extensible Operating System (EOS) - CVE-2025-2826

Published: May 27, 2025

Vulnerability identifier: #VU109873

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-2826

CWE-ID: CWE-284

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vendor: Arista Networks

Affected software:
Arista Extensible Operating System (EOS)

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to improper enforcement of ACL policies. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied.

How to mitigate CVE-2025-2826

Install updates from vendor's website.

Sources

https://www.arista.com/en/support/advisories-notices/security-advisory/21414-security-advisory-0120

Improper access control in Arista Extensible Operating System (EOS) - CVE-2025-2826

Detailed vulnerability description

How to mitigate CVE-2025-2826

Sources

Please verify you're human