Arista CloudVision Exchange Cluster Instability via Unexpected Switch Messages
CVE-2025-5090
7.1 HIGH
Key Information:
- Vendor: Arista Networks
- CVE Published: 5 June 2026
What is CVE-2025-5090?
CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX, causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have high-privilege access to the connected switch in order to send custom TCP packets to the CVX.
Affected Version(s)
EOS / CloudVision eXchange (CVX) CloudVision eXchange 4.34.0F <= 4.34.1F
EOS / CloudVision eXchange (CVX) CloudVision eXchange 4.33.0M <= 4.33.4M
EOS / CloudVision eXchange (CVX) CloudVision eXchange 4.32.0M <= 4.32.6M
