24 matches found

Arista
added yesterday · 5 views

Security Advisory 0143

Date: June 23, 2026

Revision | Date | Changes
---|---|---
1.0 | Jun 23, 2026 | Initial release

Description: All of the CVEs covered in this advisory apply to affected platforms running Arista EOS with the Streaming Telemetry Agent (aka TerminAttr) enabled. This issue...

5.9 AI score
Exploits 0 · Affected Software 1

NVD
added 2026/06/05 5:17 p.m. · 12 views

CVE-2026-7473

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

6.9 CVSS · 0.00836 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2026/06/05 4:22 p.m. · 7 views

CVE-2026-7473

On affected platforms running Arista EOS where a tunnel decapsulation configuration—such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface—is present, the switch will incorrectly decapsulate and forward other unexpected tunneled packet with a...

6.9 CVSS · 5.4 AI score · 0.00836 EPSS
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2026/06/04 12:00 a.m. · 10 views

PT-2026-46407

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being...

8.7 CVSS · 5.8 AI score · 0.00386 EPSS
Exploits 0 · References 2

Positive Technologies
added 2026/05/05 12:00 a.m. · 15 views

PT-2026-46983

Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: On platforms where tunnel decapsulation configurations such as VXLAN (Virtual Extensible LAN), decap-groups, or a GRE (Generic Routing Encapsulation) tunnel interface are present, the switch...

6.9 CVSS · 5.4 AI score · 0.00836 EPSS
Exploits 1 · References 26

RedhatCVE
added 2026/01/08 3:15 a.m. · 5 views

CVE-2025-7048

On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic...

5.3 CVSS · 6.9 AI score · 0.00167 EPSS
Exploits 0 · References 1

CVE
added 2026/01/06 7:15 p.m. · 12 views

CVE-2025-7048

CVE-2025-7048 affects Arista EOS with MACsec enabled. The issue, described as a buffer overflow in the MACsec component, can cause the MACsec process to terminate and, with continued malformed packets, may disrupt dataplane traffic. Affected EOS versions include releases up to 4.34.x/4.33.x/4.32....

5.3 CVSS · 6.5 AI score · 0.00167 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/12/17 8:04 p.m. · 4 views

CVE-2025-8872

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSPFv3 process to have high CPU utilization which may result in the OSPFv3 process being restarted. This may cause disruption in the OSPFv3 routes on the switch. This issue was discovered...

7.1 CVSS · 6.8 AI score · 0.00253 EPSS
Exploits 0 · References 1

NVD
added 2025/12/16 8:15 p.m. · 6 views

CVE-2025-8872

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSPFv3 process to have high CPU utilization which may result in the OSPFv3 process being restarted. This may cause disruption in the OSPFv3 routes on the switch. This issue was discovered...

7.1 CVSS · 0.00253 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/11/15 4:28 p.m. · 10 views

CVE-2025-8870

On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.153...

5.6 CVSS · 6.9 AI score · 0.00145 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/11/14 12:00 a.m. · 5 views

PT-2025-46974

Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: Certain serial console input on affected platforms running Arista EOS may cause an unexpected reload of the device. Recommendations: At the moment, there is no information about a newer...

5.6 CVSS · 6.5 AI score · 0.00145 EPSS
Exploits 0 · References 5

Arista
added 2025/11/11 12:00 a.m. · 29 views

Security Advisory 0125

Date: November 11, 2025

Revision | Date | Changes
---|---|---
1.0 | November 11, 2025 | Initial release

The CVE-ID tracking this issue: CVE-2025-8870
CVSS:3.1 Base Score 4.9 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
CVSS:4.0 Base Score 5.6...

5.6 CVSS · 6.3 AI score · 0.00145 EPSS
Exploits 0

EUVD
added 2025/10/03 8:07 p.m. · 3 views

EUVD-2025-25755

Malicious code in bioql PyPI...

3.8 CVSS · 6.5 AI score · 0.00095 EPSS
Exploits 0 · References 1

Cvelist
added 2025/08/25 8:14 p.m. · 7 views

CVE-2025-6188

On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication...

7.5 CVSS · 0.00394 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/08/25 8:02 p.m. · 1 view

CVE-2025-3456

On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protoc...

3.8 CVSS · 7 AI score · 0.00095 EPSS
Exploits 0 · References 1

CNNVD
added 2025/05/08 12:00 a.m. · 2 views

Arista EOS Security Vulnerability

Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista USA. A security vulnerability exists in Arista EOS that stems from the fact that restarting the Tunnelsec agent may cause packets to be sent in plaintext through a secure Vxlan tunnel...

9.1 CVSS · 6.6 AI score · 0.00439 EPSS
Exploits 0 · References 1

CNNVD
added 2023/08/29 12:00 a.m. · 4 views

Arista EOS Security Vulnerability

Arista EOS is a fully programmable, highly modular, Linux-based network operating system from Arista Corporation. A security vulnerability exists in Arista EOS that stems from a malformed or truncated packet received through a VXLAN tunnel and forwarded in hardware may cause the egress port to fa...

6.5 CVSS · 6.5 AI score · 0.00474 EPSS
Exploits 1 · References 2

Positive Technologies
added 2023/02/14 12:00 a.m. · 5 views

PT-2023-19655 · Arista · Arista Eos

Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified Description: On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged...

9.3 CVSS · 7.5 AI score · 0.00238 EPSS
Exploits 1 · References 5

CNNVD
added 2022/05/26 12:00 a.m. · 2 views

Arista Networks Arista EOS Security Vulnerability

Arista Networks Arista EOS is a scalable operating system for data centers and cloud network centers from Arista Networks, Inc. Arista EOS builds cloud architectures that scale to hundreds of thousands of compute and storage nodes with management and provisioning capabilities for large-scale jobs...

6.1 CVSS · 6.2 AI score · 0.0044 EPSS
Exploits 1 · References 2

OSV
added 2022/04/14 9:15 p.m. · 2 views

CVE-2021-28505

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is applied to the ingress of an L2 or an L3 port/SVI, the VXLAN rule and subsequent ACL rules in that access list will ignore the specified IP protocol...

7.5 CVSS · 5.8 AI score · 0.00844 EPSS
Exploits 1 · References 1