CVE-2025-2826

Published: May 27, 2025

Modified: May 28, 2025

PUBLISHED

CVSS v3.1

2.6

LOW

Description

n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are: * Packets which should be permitted may be dropped and, * Packets which should be dropped may be permitted.

Vendor	Product	Versions
Arista Networks	EOS	affected `4.33.2F`

Weaknesses (CWE)

CWE-1284

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://www.arista.com/en/support/advisories-notices/security-advisory/21414-security-advisory-0120

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-2826

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References