On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.
Fixes

Solution

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades CVE-2025-6188 has been fixed in the following releases: * 4.34.0 and later releases in the 4.34.x train * 4.33.2 and later releases in the 4.33.x train * 4.32.5 and later releases in the 4.32.x train * 4.31.7 and later releases in the 4.31.x train * 4.30.10 and later releases in the 4.30.x train


Workaround

For EOS versions more recent than 4.28.1, if MPLS is not being used on the EOS device, a custom control plane ACL can be applied to remove the rules that allow traffic with source port 3503. Switch(config)#system control-plane Switch(config-cp)#ip access-group my-custom-acl   For EOS versions more recent than 4.22.0, an ‘mpls ping’ service ACL can be applied to restrict traffic coming with source/destination port 3503. This service ACL is applicable on the traffic coming in with source/destination port 3503. MPLS configuration is not required to apply the ACL. Take the following example, where the user applies service ACL ‘Foo’ that allows traffic from 10.0.0.0/8 with source port 3503 and denies everything else. Switch(config)#ip access-list Foo Switch(config-acl-foo)#permit udp 10.0.0.0/8 eq lsp-ping any Switch(config-acl-foo)#deny udp any eq lsp-ping any Switch(config)#mpls ping Switch(config-mpls-ping)#ip access-group foo in   If MPLS is not being used, it is fine to only have the deny rule in the ACL. For EOS versions older than 4.22.0 no mitigation exists.

History

Wed, 27 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-290

Tue, 26 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 26 Aug 2025 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Arista
Arista eos
Vendors & Products Arista
Arista eos

Mon, 25 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
Description On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.
Title On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Arista

Published:

Updated: 2025-08-27T14:53:30.181Z

Reserved: 2025-06-16T20:34:33.402Z

Link: CVE-2025-6188

cve-icon Vulnrichment

Updated: 2025-08-26T19:57:03.146Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-25T21:15:38.500

Modified: 2025-08-27T15:15:40.633

Link: CVE-2025-6188

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-26T08:54:52Z