{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-7048","assignerOrgId":"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7","state":"PUBLISHED","assignerShortName":"Arista","dateReserved":"2025-07-03T15:30:22.152Z","datePublished":"2026-01-06T19:15:44.409Z","dateUpdated":"2026-01-06T19:44:20.519Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["7500R/R2","7388-8D","7800/R3/R3A","722XPM","720XPM","750X","7050X3/X4","7170","7280R/R2/R3/R3A/R4","7289R3","cEOS-lab","vEOS-lab"],"product":"EOS","vendor":"Arista Networks","versions":[{"lessThanOrEqual":"4.34.3.1M","status":"affected","version":"4.34.3.0","versionType":"custom"},{"lessThanOrEqual":"4.33.5M","status":"affected","version":"4.33.0","versionType":"custom"},{"lessThanOrEqual":"4.32.7M","status":"affected","version":"4.32.0","versionType":"custom"},{"lessThanOrEqual":"4.31.9M","status":"affected","version":"4.31.0","versionType":"custom"},{"lessThan":"4.30.0","status":"affected","version":"0","versionType":"custom"}]}],"configurations":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

In order to be vulnerable to CVE-2025-7048, the following condition must be met:

MACsec must be configured with valid keys:

switch#show mac security participants\nInterface: EthernetX\n    CKN: <ckn>\n      Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n      Key management role: <key-server-role>\n      Success: <success-status>\n      Principal: <principal-status>\n      Key type: <key-type>\n  \nInterface: EthernetY\n    CKN: <ckn>\n      Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n      Key management role: <key-server-role>\n      Success: <success-status>\n      Principal: <principal-status>\n      Key type: <key-type>\n
 

If MACsec with valid key is not configured there is no exposure to this issue and this command will not show any output:

switch#show mac security participants\nswitch#

"}],"value":"In order to be vulnerable to CVE-2025-7048, the following condition must be met:\n\nMACsec must be configured with valid keys:\n\nswitch#show mac security participants\nInterface: EthernetX\n    CKN: \n      Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n      Key management role: \n      Success: \n      Principal: \n      Key type: \n \nInterface: EthernetY\n    CKN: \n      Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n      Key management role: \n      Success: \n      Principal: \n      Key type: \n\n\n \n\nIf MACsec with valid key is not configured there is no exposure to this issue and this command will not show any output:\n\nswitch#show mac security participants\nswitch#"}],"datePublic":"2025-12-30T16:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.
"}],"value":"On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic."}],"impacts":[{"capecId":"CAPEC-253","descriptions":[{"lang":"en","value":"CAPEC-253 Remote Code Inclusion"}]}],"metrics":[{"cvssV4_0":{"Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","Safety":"NOT_DEFINED","attackComplexity":"LOW","attackRequirements":"NONE","attackVector":"ADJACENT","baseScore":5.3,"baseSeverity":"MEDIUM","exploitMaturity":"NOT_DEFINED","privilegesRequired":"NONE","providerUrgency":"NOT_DEFINED","subAvailabilityImpact":"NONE","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","userInteraction":"NONE","valueDensity":"NOT_DEFINED","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N","version":"4.0","vulnAvailabilityImpact":"LOW","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnerabilityResponseEffort":"NOT_DEFINED"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]},{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"ADJACENT_NETWORK","availabilityImpact":"LOW","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-805","description":"CWE-805","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7","shortName":"Arista","dateUpdated":"2026-01-06T19:15:44.409Z"},"references":[{"url":"https://www.arista.com/en/support/advisories-notices/security-advisory/23120-security-advisory-0132"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.
For more information about upgrading see EOS User Manual: Upgrades and Downgrades

CVE-2025-7048 has been fixed in the following releases:
  • 4.35.0F and later releases
  • 4.34.4M and later releases in the 4.34.x train
  • 4.33.6M and later releases in the 4.33.x train
  • 4.32.8M and later releases in the 4.32.x train
  • 4.31.10M and later releases in the 4.31.x train

"}],"value":"The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-7048 has been fixed in the following releases:\n\n * 4.35.0F and later releases\n * 4.34.4M and later releases in the 4.34.x train \n * 4.33.6M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.10M and later releases in the 4.31.x train"}],"source":{"advisory":"132","defect":["BUG1203696","BUG1153233"],"discovery":"INTERNAL"},"title":"On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"There is no known work around to keep MACsec running and make it not susceptible to the security issue. MACsec would need to be disabled to eliminate the issue.
"}],"value":"There is no known work around to keep MACsec running and make it not susceptible to the security issue. MACsec would need to be disabled to eliminate the issue."}],"x_generator":{"engine":"Vulnogram 0.5.0"}},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-06T19:44:06.659074Z","id":"CVE-2025-7048","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-06T19:44:20.519Z"}}]}}