Arista CloudVision Exchange (CVX) Cluster Privilege Escalation via MCS Redis Session
CVE-2025-5088

8.7HIGH

Key Information:

Vendor: Arista Networks
Status: Eos / Cloudvision Exchange (cvx)
Vendor: CVE Published:; 5 June 2026

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2025-5088?

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including authentication, occurs over plaintext in the present day. TLS support is tracked under RFE1294850.

Affected Version(s)

EOS / CloudVision eXchange (CVX) CloudVision eXchange 4.34.0F <= 4.34.1F

EOS / CloudVision eXchange (CVX) CloudVision eXchange 4.33.0M <= 4.33.4M

EOS / CloudVision eXchange (CVX) CloudVision eXchange 4.32.0M <= 4.32.6M

References

https://www.arista.com/en/support/advisories-notices/secu...

vendor-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 5, 2026
Vulnerability Reserved
May 22, 2025

CVE-2025-5088 Data

JSON