{ "document": { "category": "security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-US", "publisher": { "category": "vendor", "contact_details": "support@arista.com", "name": "Arista PSIRT", "namespace": "https://www.arista.com" }, "references": [ { "category": "self", "summary": "Security advisory Aneto canonical URL", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22869-security-advisory-0127" } ], "title": "Security Advisory Aneto", "tracking": { "current_release_date": "2025-11-18T18:58:56Z", "generator": { "engine": { "name": "Arista Networks SecEng Service CSAF Generator" } }, "id": "Arista Networks Security Advisory Aneto", "initial_release_date": "2025-11-18T18:58:56Z", "revision_history": [ { "date": "2025-11-18T18:58:56Z", "number": "1", "summary": "Document created" } ], "status": "draft", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "DCS-7020SRG-24C2-F hardware platform", "product": { "name": "DCS-7020SRG-24C2-F hardware platform", "product_id": "CSAFPID-4" } }, { "category": "product_version", "name": "DCS-7020SRG-24C2 hardware platform", "product": { "name": "DCS-7020SRG-24C2 hardware platform", "product_id": "CSAFPID-3" } }, { "category": "product_version", "name": "DCS-7020SRG-24C2-R hardware platform", "product": { "name": "DCS-7020SRG-24C2-R hardware platform", "product_id": "CSAFPID-5" } } ], "category": "product_family", "name": "Hardware Platform" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "EOS version 1.0.0", "product": { "name": "EOS version 1.0.0", "product_id": "CSAFPID-0" } }, { "category": "product_version", "name": "EOS version 4.32.7", "product": { "name": "EOS version 4.32.7", "product_id": "CSAFPID-2" } }, { "category": "product_version", "name": "EOS version 4.33.5", "product": { "name": "EOS version 4.33.5", "product_id": "CSAFPID-1" } } ], "category": "product_name", "name": "EOS" } ], "category": "product_family", "name": "Software Products" } ], "category": "vendor", "name": "Arista Networks, Inc." } ], "relationships": [ { "category": "installed_on", "full_product_name": { "name": "EOS version 4.32.7 installed on DCS-7020SRG-24C2-R", "product_id": "CSAFPID-13" }, "product_reference": "CSAFPID-2", "relates_to_product_reference": "CSAFPID-5" }, { "category": "installed_on", "full_product_name": { "name": "EOS version 4.33.5 installed on DCS-7020SRG-24C2", "product_id": "CSAFPID-8" }, "product_reference": "CSAFPID-1", "relates_to_product_reference": "CSAFPID-3" }, { "category": "installed_on", "full_product_name": { "name": "EOS version 1.0.0 installed on DCS-7020SRG-24C2-F", "product_id": "CSAFPID-9" }, "product_reference": "CSAFPID-0", "relates_to_product_reference": "CSAFPID-4" }, { "category": "installed_on", "full_product_name": { "name": "EOS version 1.0.0 installed on DCS-7020SRG-24C2-R", "product_id": "CSAFPID-12" }, "product_reference": "CSAFPID-0", "relates_to_product_reference": "CSAFPID-5" }, { "category": "installed_on", "full_product_name": { "name": "EOS version 1.0.0 installed on DCS-7020SRG-24C2", "product_id": "CSAFPID-6" }, "product_reference": "CSAFPID-0", "relates_to_product_reference": "CSAFPID-3" }, { "category": "installed_on", "full_product_name": { "name": "EOS version 4.33.5 installed on DCS-7020SRG-24C2-F", "product_id": "CSAFPID-11" }, "product_reference": "CSAFPID-1", "relates_to_product_reference": "CSAFPID-4" }, { "category": "installed_on", "full_product_name": { "name": "EOS version 4.32.7 installed on DCS-7020SRG-24C2-F", "product_id": "CSAFPID-10" }, "product_reference": "CSAFPID-2", "relates_to_product_reference": "CSAFPID-4" }, { "category": "installed_on", "full_product_name": { "name": "EOS version 4.33.5 installed on DCS-7020SRG-24C2-R", "product_id": "CSAFPID-14" }, "product_reference": "CSAFPID-1", "relates_to_product_reference": "CSAFPID-5" }, { "category": "installed_on", "full_product_name": { "name": "EOS version 4.32.7 installed on DCS-7020SRG-24C2", "product_id": "CSAFPID-7" }, "product_reference": "CSAFPID-2", "relates_to_product_reference": "CSAFPID-3" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-8873", "id": { "system_name": "Arista Bug ID", "text": "1246592" }, "notes": [ { "category": "description", "text": "On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system.", "title": "CVE Description" }, { "category": "other", "text": "IPsec must be configured.", "title": "1246592: Required Config for Exploitation" } ], "product_status": { "first_affected": [ "CSAFPID-0" ], "fixed": [ "CSAFPID-1", "CSAFPID-2" ] }, "references": [ { "category": "external", "summary": "MITRE", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-8873" } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in EOS version 4.32.7", "product_ids": [ "CSAFPID-2" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.33.5", "product_ids": [ "CSAFPID-1" ] }, { "category": "none_available", "details": "Not fixed in EOS version 1.0.0", "product_ids": [ "CSAFPID-0" ] }, { "category": "mitigation", "details": "There are no mitigations." } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "CSAFPID-5", "CSAFPID-12", "CSAFPID-2", "CSAFPID-6", "CSAFPID-9", "CSAFPID-13", "CSAFPID-8", "CSAFPID-4", "CSAFPID-10", "CSAFPID-11", "CSAFPID-0", "CSAFPID-7", "CSAFPID-3", "CSAFPID-1", "CSAFPID-14" ] } ], "title": "CVE-2025-8873" } ] }