CVE-2025-2826
LOWCVSS VectorNVD
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionNVD
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:
- Packets which should be permitted may be dropped and,
- Packets which should be dropped may be permitted.
AnalysisAI
n affected platforms running Arista EOS, ACL policies may not be enforced. Rated low severity (CVSS 2.6). No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1284. n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are: * Packets which should be permitted may be dropped and, * Packets which should be dropped may be permitted.
Affected ProductsAI
ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Share
External POC / Exploit Code
Leaving vuln.today