IPSec Vulnerability in Arista EOS with Anti-Replay Protection
CVE-2025-2796

5.3MEDIUM

Key Information:

Vendor: Arista Networks
Status: Eos
Vendor: CVE Published:; 27 May 2025

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2025-2796?

A vulnerability in Arista's EOS occurs when hardware IPSec support is enabled, coupled with anti-replay protection. In specific scenarios, the system fails to drop duplicate encrypted packets, contrary to expected behavior. This flaw allows such packets to be inadvertently forwarded, posing potential security risks. Importantly, this issue does not impact VXLANSec or MACSec encryption functionalities.

Affected Version(s)

EOS EOS 4.33.0 <= 4.33.2F

References

https://www.arista.com/en/support/advisories-notices/secu...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 27, 2025
Vulnerability Reserved
Mar 25, 2025

JSON