{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-5090","assignerOrgId":"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7","state":"PUBLISHED","assignerShortName":"Arista","dateReserved":"2025-05-22T16:26:48.444Z","datePublished":"2026-06-05T15:49:27.770Z","dateUpdated":"2026-06-05T15:49:27.770Z"},"containers":{"cna":{"providerMetadata":{"orgId":"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7","shortName":"Arista","dateUpdated":"2026-06-05T15:49:27.770Z"},"title":"Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages","datePublic":"2025-11-18T16:46:00.000Z","problemTypes":[{"descriptions":[{"lang":"en","cweId":"CWE-20","description":"CWE-20: Improper Input Validation","type":"CWE"}]}],"affected":[{"vendor":"Arista Networks","product":"EOS / CloudVision eXchange (CVX)","platforms":["CloudVision eXchange","virtual or physical appliance"],"versions":[{"status":"affected","version":"4.34.0F","lessThanOrEqual":"4.34.1F","versionType":"custom"},{"status":"affected","version":"4.33.0M","lessThanOrEqual":"4.33.4M","versionType":"custom"},{"status":"affected","version":"4.32.0M","lessThanOrEqual":"4.32.6M","versionType":"custom"},{"status":"affected","version":"4.31.0","lessThan":"4.32.0","versionType":"custom"},{"status":"affected","version":"4.30.0","lessThan":"4.31.0","versionType":"custom"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have a high privilege access to the connected switch to be able to send custom TCP packets to the CVX.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have a high privilege access to the connected switch to be able to send custom TCP packets to the CVX.</p>"}]}],"references":[{"url":"https://www.arista.com/en/support/advisories-notices/security-advisory/22868-security-advisory-0126","tags":["vendor-advisory"]}],"configurations":[{"lang":"en","value":"In order to be vulnerable to CVE-2025-5090, the following condition must be met: CVX must be configured:\n\n\n\n\ncvx1#show cvx\n  Status: Enabled\n  Mode: Standalone\n  Heartbeat interval: 20.0\n  Heartbeat timeout: 60.0\n  Client connection state preserving: Disabled\n  \ncvx1#show running-config section cvx\ncvx\n   no shutdown","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>In order to be vulnerable to CVE-2025-5090, the following condition must be met: CVX must be configured:</p>\n<pre><code>cvx1#show cvx\n  Status: Enabled\n  Mode: Standalone\n  Heartbeat interval: 20.0\n  Heartbeat timeout: 60.0\n  Client connection state preserving: Disabled\n  \ncvx1#show running-config section cvx\ncvx\n   no shutdown</code></pre>"}]}],"workarounds":[{"lang":"en","value":"There is no mitigation for this issue.","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>There is no mitigation for this issue.</p>"}]}],"solutions":[{"lang":"en","value":"The recommended resolution is to upgrade to a remediated software version at your earliest convenience. CVE-2025-5090 has been fixed in the following releases:\n\n\n\n    *  4.34.2F and later releases in the 4.34.x train\n\n    *  4.33.5M and later releases in the 4.33.x train\n\n    *  4.32.7M and later releases in the 4.32.x train","supportingMedia":[{"type":"text/html","base64":false,"value":"<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. CVE-2025-5090 has been fixed in the following releases:</p>\n<ul>\n  <li>4.34.2F and later releases in the 4.34.x train</li>\n  <li>4.33.5M and later releases in the 4.33.x train</li>\n  <li>4.32.7M and later releases in the 4.32.x train</li>\n</ul>"}]}],"source":{"defect":["BUG1139764"],"advisory":"0126","discovery":"INTERNAL"},"x_generator":{"engine":"Vulnogram"},"metrics":[{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV3_1":{"version":"3.1","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseSeverity":"MEDIUM","baseScore":6.5,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}},{"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}],"cvssV4_0":{"attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","subConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","subIntegrityImpact":"NONE","vulnAvailabilityImpact":"HIGH","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED","version":"4.0","baseSeverity":"HIGH","baseScore":7.1,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"}}],"x_capecAlignment":{"capecId":"CAPEC-125","capecName":"Flooding / Malformed Packet","justification":"An attacker with high privilege access over a downstream switch can emit unexpected or malformed TCP packets causing state management code on CVX (ControllerOob/Controllerdb) to throw unhandled faults, leading to ongoing client deregistration cycles and cluster instability."}}}}