CVE-2025-5090

Description

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have a high privilege access to the connected switch to be able to send custom TCP packets to the CVX.

References

• https://www.arista.com/en/support/advisories-notices/security-advisory/22868-security-advisory-0126