CVE-2025-5088

CVE-2025-5088 affects Arista CloudVision Exchange (CVX) via an authenticated Redis session that could grant full root access to all CVX servers. Exploitation requires network access to the Redis service and the Redis password, and Redis traffic is plaintext (TLS support tracked separately). The i...

CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

CVE-2025-5089

CVE-2025-5089 describes a DoS condition in Arista EOS CVX deployments where malformed messages between a CVX server and connected EOS Switch can crash SysDB on EOS or destabilize the CVX cluster, requiring high-privilege access to send crafted TCP packets. Affected products are Arista EOS with Cl...

Security Advisory 0139

Security Advisory 0139 PDF Date: May 19, 2026 Revision | Date | Changes ---|---|--- 1.0 | May 19, 2026 | Initial release The CVE-ID tracking this issue: CVE-2025-49844 CVSSv3.1 Base Score: 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSSv4.0 Base Score: 9.4...

Security Advisory 0126

Security Advisory 0126 . CSAF PDF Date: November 18, 2025 Revision | Date | Changes ---|---|--- 1.0 | November 18, 2025 | Initial release The following issues were discovered during regular penetration testing of Arista’s EOS. Issues detailed cover CloudVision Exchange CVX based features includin...

CVE-2020-13100

Arista’s CloudVision eXchange CVX server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service crash and restart in the ControllerOob agent via a malformed control-plane packet...

CVE-2020-13100

Arista’s CloudVision eXchange CVX server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service crash and restart in the ControllerOob agent via a malformed control-plane packet...

CVE-2020-13100

Arista’s CloudVision eXchange CVX server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service crash and restart in the ControllerOob agent via a malformed control-plane packet...

Security Advisory 0052

Security Advisory 0052 PDF Date: October 7th, 2020 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | October 7th, 2020 | Initial Release The CVE-ID tracking this issue is: CVE-2020-13100 CVSSv3 Base Score: 7.5/10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Description This advisory...

Arista Networks EOS Multiple Vulnerabilities (SA0018) (DROWN)

The version of Arista Networks EOS running on the remote device is affected by multiple vulnerabilities in the included OpenSSL library : - A cipher algorithm downgrade vulnerability exists due to a flaw that is triggered when handling cipher negotiation. A remote attacker can exploit this to...

Security Advisory 0024

Security Advisory 0024 PDF Date: October 4th, 2016 Version: 1.0 Revision | Date | Changes ---|---|--- 1.0 | October 4th, 2016 | Initial release Arista Products vulnerability report for security vulnerabilities announcement from the OpenSSL project on September 22nd, 2016 Product: EOS and...

Security Advisory 0020

Security Advisory 0020 PDF Date: May 6th, 2016 Version: 1.2 Revision| Date| Changes ---|---|--- 1.0 | May 6th, 2016 | Initial release 1.1 | May 12th, 2016 | Updated to include assessment for CVX and CVP. Change in vulnerability status for CVE-2016-2107. 1.2 | May 20th, 2016 | Updated to include...