Description
In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent crash on the EOS device causing a soft reset of the switch or agent crashes on the CVX server causing instability of the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to already have a high privilege access to the connected device to be able to send custom TCP packets. EOS switches that are not connected to a CVX server are not impacted.
Published: 2026-06-05
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Malformed messages in either direction between an EOS switch and the CVX server it is connected to can crash the Sysdb agent on the switch, which forces a soft reset of the switch, or crash agents on the CVX server, which destabilises the CVX cluster. The weakness is improper input validation (CWE-20): an attacker who can send crafted TCP traffic over the switch-to-CVX connection can trigger the crash. The impact is on availability only (the CVSS vectors recorded below score confidentiality and integrity as none): loss of the affected network element and, if the server-side agents crash, of the CVX cluster as a whole.

Affected Systems

The affected components are Arista Networks EOS switches that are connected to a CloudVision eXchange (CVX) server, and the CVX server itself. EOS releases prior to 4.34.2F in the 4.34 train, 4.33.5M in the 4.33 train, 4.32.7M in the 4.32 train and 4.31.9M in the 4.31 train are vulnerable; EOS switches that are not connected to a CVX server are not impacted.

Risk and Exploitability

The CVSS v4.0 score of 7.1 rates the issue High (the CVSS v3.1 vector recorded below scores it 6.5, Medium). No EPSS score has been assigned, so there is no exploitation-probability estimate yet, and the vulnerability is not listed in the CISA KEV catalog. The description states that an attacker needs high-privilege access to one of the connected devices in order to send custom TCP packets over the switch-to-CVX connection (both CVSS vectors on this page nonetheless record PR:L, low privileges). Either way, the threat is most relevant to insiders or compromised administrator accounts rather than unauthenticated external actors.

Generated by OpenCVE AI on June 5, 2026 at 17:52 UTC.

Remediation

Vendor Solution

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. CVE-2025-5089 has been fixed in the following releases:

  • 4.34.2F and later releases in the 4.34.x train
  • 4.33.5M and later releases in the 4.33.x train
  • 4.32.7M and later releases in the 4.32.x train
  • 4.31.9M and later releases in the 4.31.x train
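As an added example, not part of the vendor advisory or of any Arista tooling, the following Python script checks EOS version strings from an inventory against the fixed releases listed above and flags the switches that still need attention. The inventory entries are constructed; the assumption that a later point release within a listed train (for example 4.33.5.1M after 4.33.5M) carries the fix is mine, and trains the advisory does not list are reported as unknown rather than guessed.

```python
"""Triage an EOS inventory against the CVE-2025-5089 fixed releases (added example)."""
import re

# Fixed release per train, copied from the vendor remediation text above.
FIXED_BY_TRAIN = {
    (4, 34): "4.34.2F",
    (4, 33): "4.33.5M",
    (4, 32): "4.32.7M",
    (4, 31): "4.31.9M",
}

# Digits separated by dots, then an optional train letter (F feature, M maintenance).
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)+)([A-Z]*)$")


def parse_version(ver):
    """Numeric parts of an EOS version as a tuple, e.g. '4.33.5.1M' -> (4, 33, 5, 1).
    The trailing letter names the train and is not used for ordering."""
    m = _VERSION_RE.match(ver.strip())
    if not m:
        raise ValueError(f"unrecognised EOS version string: {ver!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def code_status(ver):
    """'fixed', 'vulnerable' or 'unknown' for one EOS version string.

    Assumption (mine, not stated on the page): a later point release inside a listed
    train, e.g. 4.33.5.1M after 4.33.5M, carries the fix. Trains the advisory does
    not mention are reported as 'unknown' instead of being guessed either way."""
    parts = parse_version(ver)
    fixed = FIXED_BY_TRAIN.get(parts[:2])
    if fixed is None:
        return "unknown"
    # Tuple comparison orders (4, 33, 5, 1) after (4, 33, 5) and (4, 33, 4) before it.
    return "fixed" if parts >= parse_version(fixed) else "vulnerable"


def triage(inventory):
    """inventory: iterable of (hostname, eos_version, connected_to_cvx).

    Returns {hostname: (code_status, needs_attention)}. Per the description a switch
    that is not connected to a CVX server is not impacted, so it never needs attention
    for this CVE even when its code is vulnerable; a connected switch needs attention
    unless its code is known to be fixed."""
    result = {}
    for host, ver, connected in inventory:
        status = code_status(ver)
        result[host] = (status, connected and status != "fixed")
    return result


# Constructed inventory, not real devices.
SAMPLE_INVENTORY = [
    ("leaf1", "4.33.4M", True),     # vulnerable and attached to CVX
    ("leaf2", "4.33.5.1M", True),   # point release after the fix
    ("spine1", "4.34.1F", False),   # vulnerable code, but no CVX connection
    ("spine2", "4.34.2F", True),    # fixed
    ("lab1", "4.30.9M", True),      # train not covered by the advisory
]

if __name__ == "__main__":
    for host, (status, attention) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:8} {status:10} {'ATTENTION' if attention else 'ok'}")
```

A device in an unlisted train comes back as unknown and, if it is attached to CVX, is still flagged, which is the conservative reading of an advisory that says nothing about that train.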


Vendor Workaround

There is no mitigation for this issue.


OpenCVE Recommended Actions

  • Upgrade the affected EOS switches and CVX servers to the remediated releases listed in the Arista advisory.
  • Schedule the upgrade reload of the EOS switches and of the CVX cluster nodes for a maintenance window, and verify afterwards that the Sysdb agent on each switch and the agents on the CVX servers are running and stay up.
  • Monitor switch and CVX logs for repeated Sysdb agent or CVX agent crashes, and restrict the TCP connection between switches and the CVX server to trusted devices with network segmentation. Note that the vendor lists no mitigation: segmentation limits who can reach the connection but does not remove the flaw, since either peer, once compromised, can still send the malformed messages.

Generated by OpenCVE AI on June 5, 2026 at 17:52 UTC.
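The log-monitoring action above, as an added example that is not part of the OpenCVE page or of any Arista tooling: a Python sliding-window detector that flags a (host, agent) pair whose agent terminates repeatedly within a short window, which is the signature of a peer feeding it malformed messages. The log lines and their message format are constructed stand-ins; adapt LINE_RE to the exact text your EOS and CVX releases emit, and feed it lines in chronological order.

```python
"""Flag repeated agent terminations per host from syslog lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Constructed sample lines. The message text is an assumed stand-in for whatever the
# platform logs when an agent exits; it is not a verbatim EOS or CVX log message.
SAMPLE_LOG = """\
2026-06-05T16:50:12Z leaf1 ProcMgr-worker: 'Sysdb' (PID=1201) has terminated
2026-06-05T16:50:40Z leaf1 ProcMgr-worker: 'Sysdb' (PID=1342) has terminated
2026-06-05T16:51:05Z leaf1 ProcMgr-worker: 'Sysdb' (PID=1410) has terminated
2026-06-05T16:51:30Z cvx1 ProcMgr-worker: 'Vxlan' (PID=877) has terminated
2026-06-05T17:20:00Z leaf2 ProcMgr-worker: 'Sysdb' (PID=2210) has terminated
2026-06-05T17:21:00Z leaf2 Stp: some unrelated message
"""

# Adapt this to the format the devices actually emit; ISO-8601 UTC timestamps are assumed.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) \S+: '(?P<agent>\w+)' \(PID=(?P<pid>\d+)\) has terminated"
)


def parse_line(line):
    """Return (timestamp, host, agent, pid) for an agent-termination line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["host"], m["agent"], int(m["pid"])


def find_crash_loops(lines, window_s=300, threshold=3, agents=None):
    """Sliding-window detector over chronologically ordered log lines.

    Returns one (host, agent, first_ts, last_ts, count) per (host, agent) pair whose
    agent terminated at least `threshold` times inside any `window_s`-second window.
    `agents` restricts the check to named agents (e.g. {"Sysdb"}); None means every
    agent, which also covers the unnamed CVX server agents from the description."""
    recent = defaultdict(deque)   # (host, agent) -> timestamps still inside the window
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, host, agent, _pid = rec
        if agents is not None and agent not in agents:
            continue
        key = (host, agent)
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append((host, agent, q[0], ts, len(q)))
    return alerts


if __name__ == "__main__":
    for host, agent, first, last, n in find_crash_loops(SAMPLE_LOG.splitlines()):
        print(f"{host}: {agent} terminated {n} times between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

With the defaults only leaf1 is reported (three Sysdb terminations in 53 seconds); the single Vxlan exit on cvx1 and the single Sysdb exit on leaf2 stay below the threshold. Each pair is reported once, on the first window that crosses the threshold, so a long crash loop does not flood the output.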

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent crash on the EOS device causing a soft reset of the switch or agent crashes on the CVX server causing instability of the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to already have a high privilege access to the connected device to be able to send custom TCP packets. EOS switches that are not connected to a CVX server are not impacted.
Title Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages
Weaknesses CWE-20
References
Metrics
cvssV3_1: score 6.5, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cvssV4_0: score 7.1, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Arista

Published:

Updated: 2026-06-05T15:44:45.822Z

Reserved: 2025-05-22T16:26:45.461Z

Link: CVE-2025-5089

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-06-05T17:16:30.180

Modified: 2026-06-05T19:03:48.933

Link: CVE-2025-5089

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-05T18:00:15Z

Weaknesses