OSPFv3 Process High CPU Utilization in Arista EOS
CVE-2025-8872

7.1HIGH

Key Information:

Vendor: Arista Networks
Status: Eos
Vendor: CVE Published:; 16 December 2025

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2025-8872?

On systems running Arista EOS with Open Shortest Path First version 3 (OSPFv3) configured, a specially crafted packet can lead to excessive CPU usage in the OSPFv3 process. This may cause the OSPFv3 process to restart, interrupting routes on the switch and potentially impacting network stability. While Arista discovered this issue through internal testing and reports no evidence of exploitation in the wild, it poses a risk to operational efficiency and network reliability.

Affected Version(s)

EOS 710/710XP Series 4.34.0 <= 4.34.1F

EOS 710/710XP Series 4.33.0 <= 4.33.4M

EOS 710/710XP Series 4.32.0 <= 4.32.7M

References

https://www.arista.com/en/support/advisories-notices/secu...

CVSS V4

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Timeline

Vulnerability published
Dec 16, 2025
Vulnerability Reserved
Aug 11, 2025

JSON