UDP Vulnerability in Arista EOS Network Operating System
CVE-2025-6188
7.5 HIGH
What is CVE-2025-6188?
A vulnerability exists in Arista's EOS operating system in which specifically malformed UDP packets originating from port 3503 can be processed by the system. This can lead to unpredictable behavior in UDP-based services that lack adequate authentication mechanisms. The flaw arises from the acceptance of unexpected packet types, potentially allowing attackers to exploit services that rely on EOS for network operations. Organizations using affected versions should apply patches and configure their systems to mitigate the risks associated with unauthorized packet processing.
Affected Version(s)
EOS EOS 4.33.0 <= 4.33.1F
EOS EOS 4.33.1.0 <= 4.33.1.2F
EOS EOS 4.32.4.0 <= 4.32.4.1M
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered externally and responsibly reported to Arista by Chris Laffin of automattic.com.