MACsec Configuration Vulnerability in Arista EOS Products
CVE-2025-7048

5.3MEDIUM

Key Information:

Vendor: Arista Networks
Status: Eos
Vendor: CVE Published:; 6 January 2026

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2025-7048?

A vulnerability exists in Arista EOS when configured with MACsec, where specially crafted packets can lead to unexpected termination of the MACsec process. This disruption can result in prolonged issues with data traffic, as continuous input of these packets causes instability in the data plane. The threat impacts network reliability significantly, necessitating immediate attention from network administrators running affected configurations.

Affected Version(s)

EOS 7500R/R2 4.34.3.0 <= 4.34.3.1M

EOS 7500R/R2 4.33.0 <= 4.33.5M

EOS 7500R/R2 4.32.0 <= 4.32.7M

References

https://www.arista.com/en/support/advisories-notices/secu...

CVSS V4

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

Low

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2026
Vulnerability Reserved
Jul 3, 2025

CVE-2025-7048 Data

JSON