Metrics
Affected Vendors & Products
Solution
The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades CVE-2025-6188 has been fixed in the following releases: * 4.34.0 and later releases in the 4.34.x train * 4.33.2 and later releases in the 4.33.x train * 4.32.5 and later releases in the 4.32.x train * 4.31.7 and later releases in the 4.31.x train * 4.30.10 and later releases in the 4.30.x train
Workaround
For EOS versions more recent than 4.28.1, if MPLS is not being used on the EOS device, a custom control plane ACL can be applied to remove the rules that allow traffic with source port 3503. Switch(config)#system control-plane Switch(config-cp)#ip access-group my-custom-acl For EOS versions more recent than 4.22.0, an ‘mpls ping’ service ACL can be applied to restrict traffic coming with source/destination port 3503. This service ACL is applicable on the traffic coming in with source/destination port 3503. MPLS configuration is not required to apply the ACL. Take the following example, where the user applies service ACL ‘Foo’ that allows traffic from 10.0.0.0/8 with source port 3503 and denies everything else. Switch(config)#ip access-list Foo Switch(config-acl-foo)#permit udp 10.0.0.0/8 eq lsp-ping any Switch(config-acl-foo)#deny udp any eq lsp-ping any Switch(config)#mpls ping Switch(config-mpls-ping)#ip access-group foo in If MPLS is not being used, it is fine to only have the deny rule in the ACL. For EOS versions older than 4.22.0 no mitigation exists.
Wed, 27 Aug 2025 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-290 |
Tue, 26 Aug 2025 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 26 Aug 2025 09:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Arista
Arista eos |
|
Vendors & Products |
Arista
Arista eos |
Mon, 25 Aug 2025 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication. | |
Title | On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Arista
Published:
Updated: 2025-08-27T14:53:30.181Z
Reserved: 2025-06-16T20:34:33.402Z
Link: CVE-2025-6188

Updated: 2025-08-26T19:57:03.146Z

Status : Awaiting Analysis
Published: 2025-08-25T21:15:38.500
Modified: 2025-08-27T15:15:40.633
Link: CVE-2025-6188

No data.

Updated: 2025-08-26T08:54:52Z