Skip to main content

Eos Cloudvision Exchange Cvx

2 CVEs product

Monthly

CVE-2025-5090 HIGH PATCH This Week

Denial of service in Arista CloudVision Exchange (CVX) allows an attacker with high-privilege access to a connected switch to crash CVX agents by sending malformed TCP packets, causing instability across the CVX cluster. The flaw stems from improper input validation (CWE-20) of messages received from connected switches, and no public exploit has been identified at time of analysis.

Denial Of Service Eos Cloudvision Exchange Cvx
NVD VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-5089 HIGH PATCH This Week

Denial of service in Arista EOS switches and CloudVision Exchange (CVX) servers arises from improper input validation in the TCP messaging protocol that governs EOS-CVX cluster communication. Sending malformed messages in either direction - from a CVX server to an EOS switch, or vice versa - triggers a Sysdb agent crash on the EOS device (causing a soft reset) or agent crashes on the CVX server (causing cluster-wide instability). Exploitation requires the attacker to already hold high-privilege access on a device within the cluster, and no public exploit code or CISA KEV listing exists at time of analysis, making this a targeted insider or post-compromise threat rather than an opportunistic one.

Denial Of Service Eos Cloudvision Exchange Cvx
NVD
CVSS 4.0
7.1
EPSS
0.0%
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Arista CloudVision Exchange (CVX) allows an attacker with high-privilege access to a connected switch to crash CVX agents by sending malformed TCP packets, causing instability across the CVX cluster. The flaw stems from improper input validation (CWE-20) of messages received from connected switches, and no public exploit has been identified at time of analysis.

Denial Of Service Eos Cloudvision Exchange Cvx
NVD VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Denial of service in Arista EOS switches and CloudVision Exchange (CVX) servers arises from improper input validation in the TCP messaging protocol that governs EOS-CVX cluster communication. Sending malformed messages in either direction - from a CVX server to an EOS switch, or vice versa - triggers a Sysdb agent crash on the EOS device (causing a soft reset) or agent crashes on the CVX server (causing cluster-wide instability). Exploitation requires the attacker to already hold high-privilege access on a device within the cluster, and no public exploit code or CISA KEV listing exists at time of analysis, making this a targeted insider or post-compromise threat rather than an opportunistic one.

Denial Of Service Eos Cloudvision Exchange Cvx
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy