Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent crash on the EOS device causing a soft reset of the switch or agent crashes on the CVX server causing instability of the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to already have a high privilege access to the connected device to be able to send custom TCP packets. EOS switches that are not connected to a CVX server are not impacted.
AnalysisAI
Denial of service in Arista EOS switches and CloudVision Exchange (CVX) servers arises from improper input validation in the TCP messaging protocol that governs EOS-CVX cluster communication. Sending malformed messages in either direction - from a CVX server to an EOS switch, or vice versa - triggers a Sysdb agent crash on the EOS device (causing a soft reset) or agent crashes on the CVX server (causing cluster-wide instability). Exploitation requires the attacker to already hold high-privilege access on a device within the cluster, and no public exploit code or CISA KEV listing exists at time of analysis, making this a targeted insider or post-compromise threat rather than an opportunistic one.
Technical ContextAI
Arista's CloudVision Exchange (CVX) is a centralized network controller to which EOS-based switches connect over custom TCP sessions to receive policy, state, and configuration data. The affected component on the EOS side is the Sysdb agent - Arista EOS's core system database daemon - whose crash triggers a full soft reset of the switch. On the CVX side, agent crashes propagate instability to the entire cluster, impacting all connected devices. The root cause is CWE-20 (Improper Input Validation): neither side adequately validates the structure or content of incoming protocol messages before processing them, allowing a crafted malformed message to drive the receiving agent into a crash state. The CPE cpe:2.3:a:arista_networks:eos_/_cloudvision_exchange_(cvx):*:*:*:*:*:*:*:* covers the combined EOS/CVX product pairing across all versions, indicating the input validation gap is present throughout the product line rather than in a specific revision.
RemediationAI
Consult Arista Security Advisory 0126 (https://www.arista.com/en/support/advisories-notices/security-advisory/22868-security-advisory-0126) for vendor-released patched versions of EOS and CVX; exact fix versions were not present in the available data and must be confirmed directly from the advisory before upgrading. As an immediate compensating control, enforce strict role-based access controls (RBAC) on all EOS switches and CVX servers to ensure that only the minimum required privileged accounts can access device management interfaces - this directly addresses the high-privilege prerequisite the vendor identifies as necessary for exploitation. Network segmentation restricting management-plane reachability of CVX servers to trusted administrator hosts provides an additional boundary, though this does not protect against insider threats already holding privileged credentials. For non-critical EOS switches, temporarily disconnecting them from the CVX cluster eliminates their exposure entirely, at the trade-off of losing centralized policy management for those segments until a patch is applied.
More in Eos Cloudvision Exchange Cvx
View allSame weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-210075
GHSA-xmjq-j83c-q6g4