Cryptographic Validation Vulnerability in Arista's Upgrade Process
CVE-2025-54549

5.9MEDIUM

Key Information:

Vendor: Arista Networks
Status: Danz Monitoring Fabric
Vendor: CVE Published:; 29 October 2025

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2025-54549?

A vulnerability exists in Arista's upgrade images due to improper cryptographic validation, allowing an adversary to bypass security mechanisms by dropping a specially crafted file into the upgrade ISO. This flaw poses significant risks to the integrity and security of systems relying on these upgrade processes, making it essential for users to remain vigilant and apply necessary updates.

Affected Version(s)

DANZ Monitoring Fabric DCA-350E-CV 0

References

https://www.arista.com/en/support/advisories-notices/secu...

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2025
Vulnerability Reserved
Jul 24, 2025

JSON