CVE-2025-0505 | THREATINT

Description

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.

PUBLISHED Reserved 2025-01-15 | Published 2025-05-08 | Updated 2025-05-08 | Assigner Arista

CRITICAL: 10.0CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE-269 Improper Privilege Management

Product status

Default status

unaffected

2024.2.0 (custom)

affected

2024.3.0 (custom)

affected

References

www.arista.com/...rity-advisory/21315-security-advisory-0115

cve.org (CVE-2025-0505)

nvd.nist.gov (CVE-2025-0505)

Download JSON