{ "document": { "category": "security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-US", "publisher": { "category": "vendor", "contact_details": "support@arista.com", "name": "Arista PSIRT", "namespace": "https://www.arista.com" }, "references": [ { "category": "self", "summary": "Security advisory Matomi canonical URL", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22021-security-advisory-0121" } ], "title": "Security Advisory Matomi", "tracking": { "current_release_date": "2025-09-30T18:52:41Z", "generator": { "engine": { "name": "Arista Networks SecEng Service CSAF Generator" } }, "id": "Arista Networks Security Advisory Matomi", "initial_release_date": "2025-09-30T18:52:41Z", "revision_history": [ { "date": "2025-09-30T18:52:41Z", "number": "1", "summary": "Document created" } ], "status": "draft", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "EOS version 4.33.2", "product": { "name": "EOS version 4.33.2", "product_id": "CSAFPID-2" } }, { "category": "product_version", "name": "EOS version 4.31.7", "product": { "name": "EOS version 4.31.7", "product_id": "CSAFPID-4" } }, { "category": "product_version", "name": "EOS version 1.0.0", "product": { "name": "EOS version 1.0.0", "product_id": "CSAFPID-0" } }, { "category": "product_version", "name": "EOS version 4.32.5", "product": { "name": "EOS version 4.32.5", "product_id": "CSAFPID-3" } }, { "category": "product_version", "name": "EOS version 4.30.10", "product": { "name": "EOS version 4.30.10", "product_id": "CSAFPID-1" } } ], "category": "product_name", "name": "EOS" } ], "category": "product_family", "name": "Software Products" } ], "category": "vendor", "name": "Arista Networks, Inc." } ] }, "vulnerabilities": [ { "cve": "CVE-2025-6188", "id": { "system_name": "Arista Bug ID", "text": "1008073" }, "notes": [ { "category": "description", "text": "On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.", "title": "CVE Description" } ], "product_status": { "first_affected": [ "CSAFPID-0" ], "fixed": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4" ] }, "references": [ { "category": "external", "summary": "MITRE", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6188" } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in EOS version 4.30.10", "product_ids": [ "CSAFPID-1" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.31.7", "product_ids": [ "CSAFPID-4" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.32.5", "product_ids": [ "CSAFPID-3" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.33.2", "product_ids": [ "CSAFPID-2" ] }, { "category": "none_available", "details": "Not fixed in EOS version 1.0.0", "product_ids": [ "CSAFPID-0" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "CSAFPID-2", "CSAFPID-4", "CSAFPID-3", "CSAFPID-0", "CSAFPID-1" ] } ], "title": "CVE-2025-6188" } ] }