CVE-2025-5090
Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages
CVSS Score
6.5
EPSS Score
0.0%
EPSS Percentile
14th
CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have a high privilege access to the connected switch to be able to send custom TCP packets to the CVX.
| CWE | CWE-20 |
| Vendor | arista networks |
| Product | eos / cloudvision exchange (cvx) |
| Published | Jun 5, 2026 |
| Last Updated | Jun 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for arista networks eos / cloudvision exchange (cvx)
Be the first to know when new medium vulnerabilities affecting arista networks eos / cloudvision exchange (cvx) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Arista Networks / EOS / CloudVision eXchange (CVX)
4.34.0F โค 4.34.1F 4.33.0M โค 4.33.4M 4.32.0M โค 4.32.6M 4.31.0 < 4.32.0 4.30.0 < 4.31.0