CVE-2025-8873
Arista EOS Dataplane Denial of Service via Malformed IPsec Packet
CVSS Score
7.5
EPSS Score
0.0%
EPSS Percentile
5th
On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer.
| CWE | CWE-1286 |
| Vendor | arista networks |
| Product | eos |
| Published | Jun 4, 2026 |
| Last Updated | Jun 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for arista networks eos
Be the first to know when new high vulnerabilities affecting arista networks eos are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected Versions
Arista Networks / EOS
4.33.0M โค 4.33.4M 4.32.0M โค 4.32.6.1M 4.31.0M โค 4.31.7.1M 4.30.0M โค 4.30.10M 4.29.0M โค 4.29.10.1M