{ "document": { "category": "security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en-US", "publisher": { "category": "vendor", "contact_details": "support@arista.com", "name": "Arista PSIRT", "namespace": "https://www.arista.com" }, "references": [ { "category": "self", "summary": "Security advisory 132 canonical URL", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23120-security-advisory-0132" } ], "title": "Security Advisory 132", "tracking": { "current_release_date": "2026-03-11T22:37:36Z", "generator": { "engine": { "name": "Arista Networks SecEng Service CSAF Generator" } }, "id": "Arista Networks Security Advisory 132", "initial_release_date": "2026-03-11T22:37:36Z", "revision_history": [ { "date": "2026-03-11T22:37:36Z", "number": "1", "summary": "Document created" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "EOS version 4.31.10", "product": { "name": "EOS version 4.31.10", "product_id": "CSAFPID-6" } }, { "category": "product_version", "name": "EOS version 4.34.4", "product": { "name": "EOS version 4.34.4", "product_id": "CSAFPID-7" } }, { "category": "product_version", "name": "EOS version 4.32.8", "product": { "name": "EOS version 4.32.8", "product_id": "CSAFPID-5" } }, { "category": "product_version", "name": "EOS version 4.33.6", "product": { "name": "EOS version 4.33.6", "product_id": "CSAFPID-3" } }, { "category": "product_version", "name": "EOS version 1.0.0", "product": { "name": "EOS version 1.0.0", "product_id": "CSAFPID-0" } }, { "category": "product_version", "name": "EOS version 4.34.2.2", "product": { "name": "EOS version 4.34.2.2", "product_id": "CSAFPID-2" } }, { "category": "product_version", "name": "EOS version 4.34.3", "product": { "name": "EOS version 4.34.3", "product_id": "CSAFPID-1" } }, { "category": "product_version", "name": "EOS version 4.35.0", "product": { "name": "EOS version 4.35.0", "product_id": "CSAFPID-4" } } ], "category": "product_name", "name": "EOS" } ], "category": "product_family", "name": "Software Products" } ], "category": "vendor", "name": "Arista Networks, Inc." } ] }, "vulnerabilities": [ { "cve": "CVE-2025-7048", "id": { "system_name": "Arista Bug ID", "text": "1153233,1203696" }, "notes": [ { "category": "description", "text": "On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.", "title": "CVE Description" }, { "category": "other", "text": "In order to be vulnerable to CVE-2025-7048, the following condition must be met:\n\nMACsec must be configured with valid keys:\nswitch#show mac security participants\nInterface: EthernetX\n CKN: \n Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n Key management role: \n Success: \n Principal: \n Key type: \n\nInterface: EthernetY\n CKN: \n Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n Key management role: \n Success: \n Principal: \n Key type: \n\n\nIf MACsec with valid key is not configured there is no exposure to this issue and this command will not show any output:\nswitch#show mac security participants\nswitch#", "title": "1153233: Required Config for Exploitation" } ], "product_status": { "first_affected": [ "CSAFPID-0" ], "fixed": [ "CSAFPID-1", "CSAFPID-2", "CSAFPID-3", "CSAFPID-4", "CSAFPID-5", "CSAFPID-6", "CSAFPID-7" ] }, "references": [ { "category": "external", "summary": "MITRE", "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-7048" } ], "remediations": [ { "category": "vendor_fix", "details": "Fixed in EOS version 4.31.10", "product_ids": [ "CSAFPID-6" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.32.8", "product_ids": [ "CSAFPID-5" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.33.6", "product_ids": [ "CSAFPID-3" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.34.2.2", "product_ids": [ "CSAFPID-2" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.34.3", "product_ids": [ "CSAFPID-1" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.35.0", "product_ids": [ "CSAFPID-4" ] }, { "category": "none_available", "details": "Not fixed in EOS version 1.0.0", "product_ids": [ "CSAFPID-0" ] }, { "category": "mitigation", "details": "There is no known work around to keep MACsec running and make it not susceptible to the security issue. MACsec would need to be disabled to eliminate the issue. " }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.31.10", "product_ids": [ "CSAFPID-6" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.32.8", "product_ids": [ "CSAFPID-5" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.33.6", "product_ids": [ "CSAFPID-3" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.34.2.2", "product_ids": [ "CSAFPID-2" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.34.4", "product_ids": [ "CSAFPID-7" ] }, { "category": "vendor_fix", "details": "Fixed in EOS version 4.35.0", "product_ids": [ "CSAFPID-4" ] }, { "category": "none_available", "details": "Not fixed in EOS version 1.0.0", "product_ids": [ "CSAFPID-0" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "CSAFPID-5", "CSAFPID-2", "CSAFPID-6", "CSAFPID-1", "CSAFPID-4", "CSAFPID-0", "CSAFPID-7", "CSAFPID-3" ] } ], "title": "CVE-2025-7048" } ] }