{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-54548", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2025-07-24T18:47:24.387Z", "datePublished": "2025-10-29T22:52:54.039Z", "dateUpdated": "2025-10-30T14:15:49.212Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["DCA-350E-CV", "DCA-300-CV", "DCA-250-CV", "DCA-200-CV", "Arista Converged Cloud Fabric", "Arista DANZ Monitoring Fabric", "Arista Multi-Cloud Director"], "product": "DANZ Monitoring Fabric", "vendor": "Arista Networks", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "DMF 8.6.1", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "DMF 8.5.2", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "CCF 6.2.4", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "CVA 7.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "MCD 2.4.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The following conditions must be met: A non-administrator user must be configured on the system; The user must have REST API access.</span><br>"}], "value": "The following conditions must be met: A non-administrator user must be configured on the system; The user must have REST API access."}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "datePublic": "2025-10-22T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)</span><br>"}], "value": "On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)"}], "impacts": [{"capecId": "CAPEC-36", "descriptions": [{"lang": "en", "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-10-29T22:52:54.039Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:</p><div>&nbsp;</div><div><b>Danz Monitoring Fabric</b></div><ol><ol><ul><li>DMF 8.7.1 and later releases in the 8.7.x train</li><li>DMF 8.6.2 and later releases in the 8.6.x train</li><li>DMF 8.5.3 and later releases in the 8.5.x train</li><li>DMF 8.4.6 and later releases in the 8.4.x train.</li></ul></ol></ol><div>&nbsp;</div><div><b>Converged Cloud Fabric</b></div><ol><ol><ul><li>CCF 6.2.5 and later releases in the 6.2.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Cloud Vision Appliance</b></div><ol><ol><ul><li>CVA 7.1.0 and later releases in the CVA 7.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Multi-Cloud Director</b></div><ol><ol><ul><li>MCD 2.4.1 and later releases in the 2.4.x train</li></ul></ol></ol>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"}], "source": {"advisory": "124", "defect": ["BUG1082430", "BSC-20741"], "discovery": "INTERNAL"}, "title": "On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Disable any restricted users until an upgraded version can be installed.</span><br>"}], "value": "Disable any restricted users until an upgraded version can be installed."}], "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-30T14:13:10.416471Z", "id": "CVE-2025-54548", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-30T14:15:49.212Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54548", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-30T14:13:10.416471Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-30T14:15:45.532Z"}}], "cna": {"title": "On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)", "source": {"defect": ["BUG1082430", "BSC-20741"], "advisory": "124", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-36", "descriptions": [{"lang": "en", "value": "CAPEC-36 Using Unpublished Interfaces or Functionality"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arista Networks", "product": "DANZ Monitoring Fabric", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "DMF 8.6.1"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "DMF 8.5.2"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "CCF 6.2.4"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "CVA 7.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "MCD 2.4.0"}], "platforms": ["DCA-350E-CV", "DCA-300-CV", "DCA-250-CV", "DCA-200-CV", "Arista Converged Cloud Fabric", "Arista DANZ Monitoring Fabric", "Arista Multi-Cloud Director"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train", "supportingMedia": [{"type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:</p><div>&nbsp;</div><div><b>Danz Monitoring Fabric</b></div><ol><ol><ul><li>DMF 8.7.1 and later releases in the 8.7.x train</li><li>DMF 8.6.2 and later releases in the 8.6.x train</li><li>DMF 8.5.3 and later releases in the 8.5.x train</li><li>DMF 8.4.6 and later releases in the 8.4.x train.</li></ul></ol></ol><div>&nbsp;</div><div><b>Converged Cloud Fabric</b></div><ol><ol><ul><li>CCF 6.2.5 and later releases in the 6.2.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Cloud Vision Appliance</b></div><ol><ol><ul><li>CVA 7.1.0 and later releases in the CVA 7.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Multi-Cloud Director</b></div><ol><ol><ul><li>MCD 2.4.1 and later releases in the 2.4.x train</li></ul></ol></ol>", "base64": false}]}], "datePublic": "2025-10-22T15:00:00.000Z", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "workarounds": [{"lang": "en", "value": "Disable any restricted users until an upgraded version can be installed.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Disable any restricted users until an upgraded version can be installed.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "configurations": [{"lang": "en", "value": "The following conditions must be met: A non-administrator user must be configured on the system; The user must have REST API access.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The following conditions must be met: A non-administrator user must be configured on the system; The user must have REST API access.</span><br>", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-10-29T22:52:54.039Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54548", "state": "PUBLISHED", "dateUpdated": "2025-10-30T14:15:49.212Z", "dateReserved": "2025-07-24T18:47:24.387Z", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "datePublished": "2025-10-29T22:52:54.039Z", "assignerShortName": "Arista"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)"}], "id": "CVE-2025-54548", "lastModified": "2025-10-30T15:03:13.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@arista.com", "type": "Secondary"}]}, "published": "2025-10-29T23:16:19.100", "references": [{"source": "psirt@arista.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "psirt@arista.com", "type": "Secondary"}]}

{}