{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-54546", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2025-07-24T18:47:24.387Z", "datePublished": "2025-10-29T22:40:57.833Z", "dateUpdated": "2025-10-30T14:15:10.106Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["DCA-350E-CV", "DCA-300-CV", "DCA-250-CV", "DCA-200-CV", "Arista Converged Cloud Fabric", "Arista DANZ Monitoring Fabric", "Arista Multi-Cloud Director"], "product": "DANZ Monitoring Fabric", "vendor": "Arista Networks", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "DMF 8.6.1", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "DMF 8.5.2", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "CCF 6.2.4", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "CVA 7.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "MCD 2.4.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS); the non-administrator user must have CLI access.</span><br>"}], "value": "The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS); the non-administrator user must have CLI access."}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "datePublic": "2025-10-22T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms, restricted users could use SSH port forwarding to access host-internal services</span><br>"}], "value": "On affected platforms, restricted users could use SSH port forwarding to access host-internal services"}], "impacts": [{"capecId": "CAPEC-212", "descriptions": [{"lang": "en", "value": "CAPEC-212"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-10-29T22:40:57.833Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:</p><div>&nbsp;</div><div><b>Danz Monitoring Fabric</b></div><ol><ol><ul><li>DMF 8.7.1 and later releases in the 8.7.x train</li><li>DMF 8.6.2 and later releases in the 8.6.x train</li><li>DMF 8.5.3 and later releases in the 8.5.x train</li><li>DMF 8.4.6 and later releases in the 8.4.x train.</li></ul></ol></ol><div>&nbsp;</div><div><b>Converged Cloud Fabric</b></div><ol><ol><ul><li>CCF 6.2.5 and later releases in the 6.2.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Cloud Vision Appliance</b></div><ol><ol><ul><li>CVA 7.1.0 and later releases in the CVA 7.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Multi-Cloud Director</b></div><ol><ol><ul><li>MCD 2.4.1 and later releases in the 2.4.x train</li></ul></ol></ol>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"}], "source": {"advisory": "124", "defect": ["BUG1084523"], "discovery": "INTERNAL"}, "title": "On affected platforms, restricted users could use SSH port forwarding to access host-internal services", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Disable any restricted users until an upgraded version can be installed.</span><br>"}], "value": "Disable any restricted users until an upgraded version can be installed."}], "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-732", "lang": "en", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-30T14:14:21.419821Z", "id": "CVE-2025-54546", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-30T14:15:10.106Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "On affected platforms, restricted users could use SSH port forwarding to access host-internal services", "source": {"defect": ["BUG1084523"], "advisory": "124", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-212", "descriptions": [{"lang": "en", "value": "CAPEC-212"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arista Networks", "product": "DANZ Monitoring Fabric", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "DMF 8.6.1"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "DMF 8.5.2"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "CCF 6.2.4"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "CVA 7.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "MCD 2.4.0"}], "platforms": ["DCA-350E-CV", "DCA-300-CV", "DCA-250-CV", "DCA-200-CV", "Arista Converged Cloud Fabric", "Arista DANZ Monitoring Fabric", "Arista Multi-Cloud Director"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train", "supportingMedia": [{"type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:</p><div>&nbsp;</div><div><b>Danz Monitoring Fabric</b></div><ol><ol><ul><li>DMF 8.7.1 and later releases in the 8.7.x train</li><li>DMF 8.6.2 and later releases in the 8.6.x train</li><li>DMF 8.5.3 and later releases in the 8.5.x train</li><li>DMF 8.4.6 and later releases in the 8.4.x train.</li></ul></ol></ol><div>&nbsp;</div><div><b>Converged Cloud Fabric</b></div><ol><ol><ul><li>CCF 6.2.5 and later releases in the 6.2.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Cloud Vision Appliance</b></div><ol><ol><ul><li>CVA 7.1.0 and later releases in the CVA 7.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Multi-Cloud Director</b></div><ol><ol><ul><li>MCD 2.4.1 and later releases in the 2.4.x train</li></ul></ol></ol>", "base64": false}]}], "datePublic": "2025-10-22T15:00:00.000Z", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "workarounds": [{"lang": "en", "value": "Disable any restricted users until an upgraded version can be installed.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Disable any restricted users until an upgraded version can be installed.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "On affected platforms, restricted users could use SSH port forwarding to access host-internal services", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms, restricted users could use SSH port forwarding to access host-internal services</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732"}]}], "configurations": [{"lang": "en", "value": "The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS); the non-administrator user must have CLI access.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The following conditions must be met: A non-administrator user must be able to log into on the system, either via a local-user configuration or via remote authentication (TACACS+/RADIUS); the non-administrator user must have CLI access.</span><br>", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-10-29T22:40:57.833Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54546", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-10-30T14:14:21.419821Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732 Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-10-30T14:15:02.942Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-54546", "state": "PUBLISHED", "dateUpdated": "2025-10-29T22:40:57.833Z", "dateReserved": "2025-07-24T18:47:24.387Z", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "datePublished": "2025-10-29T22:40:57.833Z", "assignerShortName": "Arista"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "On affected platforms, restricted users could use SSH port forwarding to access host-internal services"}], "id": "CVE-2025-54546", "lastModified": "2025-10-30T15:15:39.400", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "psirt@arista.com", "type": "Secondary"}]}, "published": "2025-10-29T23:16:18.833", "references": [{"source": "psirt@arista.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "psirt@arista.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-732"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}