CVE-2025-0505

Critical CVSS: 10.0

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.

Vendor

Product

CWE

CWE-269

Yayın Tarihi

2025-05-08 19:16:01

Güncelleme

2025-05-12 17:32:52

Source Identifier

psirt@arista.com

KEV Date Added

Kategoriler

CWE-269 CRITICAL 2025

Referanslar

https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115