CVE-2025-5088 Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

CVE-2025-5088

CVE-2025-5088 affects Arista CloudVision Exchange (CVX) via an authenticated Redis session that could grant full root access to all CVX servers. Exploitation requires network access to the Redis service and the Redis password, and Redis traffic is plaintext (TLS support tracked separately). The i...

CVE-2025-5090 Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

CVE-2025-5090 Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

CVE-2025-5090

CVE-2025-5090 affects Arista CloudVision Exchange (CVX) in Arista EOS-based deployments. The issue arises when CVX processes unexpected messages from a connected switch, leading to agent crashes on CVX and instability in the CVX cluster, enabling a DoS under high-privilege conditions on the conne...

CVE-2018-12357

Arista CloudVision Portal through 2018.1.1 has Incorrect Permissions...

EUVD-2018-4331

Malware in sbrugna...

EUVD-2020-5377

Malware in sbrugna...

EUVD-2020-17067

Malware in sbrugna...

EUVD-2023-28562

Malicious code in bioql PyPI...

EUVD-2022-33484

Malicious code in bioql PyPI...

EUVD-2025-14029

Malicious code in bioql PyPI...

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49143 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49143 Source advisory: OSV:GHSA-RH67-4C8J-HJJH...

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49142 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49142 Source advisory: OSV:GHSA-WJW6-95H5-4JPX...

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49143 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49143 Source advisory: SNYK:PYTHON-NAUTOBOT-10337820...

CVE-2020-24333

A vulnerability in Arista’s CloudVision Portal CVP prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API...

CVE-2024-8100

On affected versions of the Arista CloudVision Portal CVP on-prem, the time-bound device onboarding token can be used to gain admin privileges on CloudVision...

CVE-2025-0505

On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...

CVE-2025-0505

On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...

CVE-2025-0505 On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state

On Arista CloudVision systems virtual or physical on-premise deployments, Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...