CVE-2025-5089

MEDIUM 6.5

Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

10th

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent crash on the EOS device causing a soft reset of the switch or agent crashes on the CVX server causing instability of the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to already have a high privilege access to the connected device to be able to send custom TCP packets. EOS switches that are not connected to a CVX server are not impacted.

CWE	CWE-20
Vendor	arista networks
Product	eos / cloudvision exchange (cvx)
Published	Jun 5, 2026
Last Updated	Jun 9, 2026

Stay Ahead of the Next One

Get instant alerts for arista networks eos / cloudvision exchange (cvx)

Be the first to know when new medium vulnerabilities affecting arista networks eos / cloudvision exchange (cvx) are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Arista Networks / EOS / CloudVision eXchange (CVX)

4.34.0F ≤ 4.34.1F 4.33.0M ≤ 4.33.4M 4.32.0M ≤ 4.32.6M 4.31.0M ≤ 4.31.8M 4.30.0 < 4.31.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

arista.com: https://www.arista.com/en/support/advisories-notices/security-advisory/22868-security-advisory-0126