{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-54545", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2025-07-24T18:47:24.386Z", "datePublished": "2025-10-29T22:36:24.379Z", "dateUpdated": "2025-10-30T14:14:49.068Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["DCA-350E-CV", "DCA-300-CV", "DCA-250-CV", "DCA-200-CV", "Arista Converged Cloud Fabric", "Arista DANZ Monitoring Fabric", "Arista Multi-Cloud Director"], "product": "DANZ Monitoring Fabric", "vendor": "Arista Networks", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "DMF 8.6.1", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "DMF 8.5.2", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "CCF 6.2.4", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "CVA 7.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "MCD 2.4.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS).</span><br>"}], "value": "The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS)."}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "datePublic": "2025-10-22T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.</span><br>"}], "value": "On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges."}], "impacts": [{"descriptions": [{"lang": "en", "value": "capec-233"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-10-29T22:36:24.379Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:</p><div>&nbsp;</div><div><b>Danz Monitoring Fabric</b></div><ol><ol><ul><li>DMF 8.7.1 and later releases in the 8.7.x train</li><li>DMF 8.6.2 and later releases in the 8.6.x train</li><li>DMF 8.5.3 and later releases in the 8.5.x train</li><li>DMF 8.4.6 and later releases in the 8.4.x train.</li></ul></ol></ol><div>&nbsp;</div><div><b>Converged Cloud Fabric</b></div><ol><ol><ul><li>CCF 6.2.5 and later releases in the 6.2.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Cloud Vision Appliance</b></div><ol><ol><ul><li>CVA 7.1.0 and later releases in the CVA 7.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Multi-Cloud Director</b></div><ol><ol><ul><li>MCD 2.4.1 and later releases in the 2.4.x train</li></ul></ol></ol>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"}], "source": {"advisory": "124", "defect": ["BUG1084524", "BSC-20739"], "discovery": "INTERNAL"}, "title": "On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Disable any non-administrator users until an upgraded version can be installed.</span><br>"}], "value": "Disable any non-administrator users until an upgraded version can be installed."}], "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-30T14:14:29.376193Z", "id": "CVE-2025-54545", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-30T14:14:49.068Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54545", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-30T14:14:29.376193Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-30T14:14:44.072Z"}}], "cna": {"title": "On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.", "source": {"defect": ["BUG1084524", "BSC-20739"], "advisory": "124", "discovery": "INTERNAL"}, "impacts": [{"descriptions": [{"lang": "en", "value": "capec-233"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arista Networks", "product": "DANZ Monitoring Fabric", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "DMF 8.6.1"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "DMF 8.5.2"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "CCF 6.2.4"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "CVA 7.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "MCD 2.4.0"}], "platforms": ["DCA-350E-CV", "DCA-300-CV", "DCA-250-CV", "DCA-200-CV", "Arista Converged Cloud Fabric", "Arista DANZ Monitoring Fabric", "Arista Multi-Cloud Director"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train", "supportingMedia": [{"type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:</p><div>&nbsp;</div><div><b>Danz Monitoring Fabric</b></div><ol><ol><ul><li>DMF 8.7.1 and later releases in the 8.7.x train</li><li>DMF 8.6.2 and later releases in the 8.6.x train</li><li>DMF 8.5.3 and later releases in the 8.5.x train</li><li>DMF 8.4.6 and later releases in the 8.4.x train.</li></ul></ol></ol><div>&nbsp;</div><div><b>Converged Cloud Fabric</b></div><ol><ol><ul><li>CCF 6.2.5 and later releases in the 6.2.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Cloud Vision Appliance</b></div><ol><ol><ul><li>CVA 7.1.0 and later releases in the CVA 7.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Multi-Cloud Director</b></div><ol><ol><ul><li>MCD 2.4.1 and later releases in the 2.4.x train</li></ul></ol></ol>", "base64": false}]}], "datePublic": "2025-10-22T15:00:00.000Z", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "workarounds": [{"lang": "en", "value": "Disable any non-administrator users until an upgraded version can be installed.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Disable any non-administrator users until an upgraded version can be installed.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732"}]}], "configurations": [{"lang": "en", "value": "The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS).", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS).</span><br>", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-10-29T22:36:24.379Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54545", "state": "PUBLISHED", "dateUpdated": "2025-10-30T14:14:49.068Z", "dateReserved": "2025-07-24T18:47:24.386Z", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "datePublished": "2025-10-29T22:36:24.379Z", "assignerShortName": "Arista"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges."}], "id": "CVE-2025-54545", "lastModified": "2025-10-30T15:15:39.263", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "psirt@arista.com", "type": "Secondary"}]}, "published": "2025-10-29T23:16:18.603", "references": [{"source": "psirt@arista.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "psirt@arista.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}