Buffer Access with Incorrect Length Value in Arista Extensible Operating System (EOS) and Arista CloudEOS VM - CVE-2025-7048
Published: April 15, 2026
Vulnerability identifier: #VU126174
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-7048
CWE-ID: CWE-805
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vendor: Arista Networks
Affected software:
Arista Extensible Operating System (EOS)
Arista CloudEOS VM
Arista Extensible Operating System (EOS)
Arista CloudEOS VM
Detailed vulnerability description
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to buffer access with incorrect length value in the MACsec process when processing specially crafted packets on MACsec-enabled interfaces. A remote attacker can send a specially crafted packet to cause a denial of service.
Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.
How to mitigate CVE-2025-7048
Install security update from vendor's website.