{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-54549", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2025-07-24T18:47:24.387Z", "datePublished": "2025-10-29T22:55:54.433Z", "dateUpdated": "2025-10-30T14:12:59.838Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["DCA-350E-CV", "DCA-300-CV", "DCA-250-CV", "DCA-200-CV", "Arista Converged Cloud Fabric", "Arista DANZ Monitoring Fabric", "Arista Multi-Cloud Director"], "product": "DANZ Monitoring Fabric", "vendor": "Arista Networks", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "DMF 8.6.1", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "DMF 8.5.2", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "CCF 6.2.4", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "CVA 7.0", "status": "affected", "version": "0", "versionType": "custom"}, {"lessThanOrEqual": "MCD 2.4.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The operator must attempt to install a tampered software upgrade image.</span><br>"}], "value": "The operator must attempt to install a tampered software upgrade image."}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "datePublic": "2025-10-22T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO</span><br>"}], "value": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO"}], "impacts": [{"capecId": "CAPEC-186", "descriptions": [{"lang": "en", "value": "CAPEC-186 Malicious Software Update"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-10-29T22:55:54.433Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:</p><div>&nbsp;</div><div><b>Danz Monitoring Fabric</b></div><ol><ol><ul><li>DMF 8.7.1 and later releases in the 8.7.x train</li><li>DMF 8.6.2 and later releases in the 8.6.x train</li><li>DMF 8.5.3 and later releases in the 8.5.x train</li><li>DMF 8.4.6 and later releases in the 8.4.x train.</li></ul></ol></ol><div>&nbsp;</div><div><b>Converged Cloud Fabric</b></div><ol><ol><ul><li>CCF 6.2.5 and later releases in the 6.2.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Cloud Vision Appliance</b></div><ol><ol><ul><li>CVA 7.1.0 and later releases in the CVA 7.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Multi-Cloud Director</b></div><ol><ol><ul><li>MCD 2.4.1 and later releases in the 2.4.x train</li></ul></ol></ol>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train"}], "source": {"advisory": "124", "defect": ["BUG1121566", "BSC-20815"], "discovery": "INTERNAL"}, "title": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A downloaded upgrade image can be manually checked against the hash values published on </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/software-download\">arista.com</a><span style=\"background-color: rgb(255, 255, 255);\">.</span><br><span style=\"background-color: rgb(255, 255, 255);\">If the published hash values do not match those of the image this is a potential indicator of compromise.</span><br>"}], "value": "A downloaded upgrade image can be manually checked against the hash values published on arista.com https://www.arista.com/support/software-download .\nIf the published hash values do not match those of the image this is a potential indicator of compromise."}], "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-30T14:12:50.353170Z", "id": "CVE-2025-54549", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-30T14:12:59.838Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-54549", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-30T14:12:50.353170Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-30T14:12:54.368Z"}}], "cna": {"title": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO", "source": {"defect": ["BUG1121566", "BSC-20815"], "advisory": "124", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-186", "descriptions": [{"lang": "en", "value": "CAPEC-186 Malicious Software Update"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arista Networks", "product": "DANZ Monitoring Fabric", "versions": [{"status": "affected", "version": "0", "versionType": "custom"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "DMF 8.6.1"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "DMF 8.5.2"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "CCF 6.2.4"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "CVA 7.0"}, {"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "MCD 2.4.0"}], "platforms": ["DCA-350E-CV", "DCA-300-CV", "DCA-250-CV", "DCA-200-CV", "Arista Converged Cloud Fabric", "Arista DANZ Monitoring Fabric", "Arista Multi-Cloud Director"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:\n\n\u00a0\n\nDanz Monitoring Fabric\n\n * DMF 8.7.1 and later releases in the 8.7.x train\n * DMF 8.6.2 and later releases in the 8.6.x train\n * DMF 8.5.3 and later releases in the 8.5.x train\n * DMF 8.4.6 and later releases in the 8.4.x train.\n\n\n\u00a0\n\nConverged Cloud Fabric\n\n * CCF 6.2.5 and later releases in the 6.2.x train\n\n\n\u00a0\n\nCloud Vision Appliance\n\n * CVA 7.1.0 and later releases in the CVA 7.x train\n\n\n\u00a0\n\nMulti-Cloud Director\n\n * MCD 2.4.1 and later releases in the 2.4.x train", "supportingMedia": [{"type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. Fixed versions are as follows for each product:</p><div>&nbsp;</div><div><b>Danz Monitoring Fabric</b></div><ol><ol><ul><li>DMF 8.7.1 and later releases in the 8.7.x train</li><li>DMF 8.6.2 and later releases in the 8.6.x train</li><li>DMF 8.5.3 and later releases in the 8.5.x train</li><li>DMF 8.4.6 and later releases in the 8.4.x train.</li></ul></ol></ol><div>&nbsp;</div><div><b>Converged Cloud Fabric</b></div><ol><ol><ul><li>CCF 6.2.5 and later releases in the 6.2.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Cloud Vision Appliance</b></div><ol><ol><ul><li>CVA 7.1.0 and later releases in the CVA 7.x train</li></ul></ol></ol><div>&nbsp;</div><div><b>Multi-Cloud Director</b></div><ol><ol><ul><li>MCD 2.4.1 and later releases in the 2.4.x train</li></ul></ol></ol>", "base64": false}]}], "datePublic": "2025-10-22T15:00:00.000Z", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "workarounds": [{"lang": "en", "value": "A downloaded upgrade image can be manually checked against the hash values published on arista.com https://www.arista.com/support/software-download .\nIf the published hash values do not match those of the image this is a potential indicator of compromise.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">A downloaded upgrade image can be manually checked against the hash values published on </span><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/support/software-download\">arista.com</a><span style=\"background-color: rgb(255, 255, 255);\">.</span><br><span style=\"background-color: rgb(255, 255, 255);\">If the published hash values do not match those of the image this is a potential indicator of compromise.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-347", "description": "CWE-347 Improper Verification of Cryptographic Signature"}]}], "configurations": [{"lang": "en", "value": "The operator must attempt to install a tampered software upgrade image.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">The operator must attempt to install a tampered software upgrade image.</span><br>", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-300-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-250-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:dca-200-cv:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:0:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.6.1", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "dmf_8.5.2", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "ccf_6.2.4", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "cva_7.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-350e-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-300-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-250-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:dca-200-cv:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_converged_cloud_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_danz_monitoring_fabric:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}, {"criteria": "cpe:2.3:a:arista_networks:danz_monitoring_fabric:*:*:arista_multi-cloud_director:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "mcd_2.4.0", "versionStartIncluding": "0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-10-29T22:55:54.433Z"}}}, "cveMetadata": {"cveId": "CVE-2025-54549", "state": "PUBLISHED", "dateUpdated": "2025-10-30T14:12:59.838Z", "dateReserved": "2025-07-24T18:47:24.387Z", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "datePublished": "2025-10-29T22:55:54.433Z", "assignerShortName": "Arista"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO"}], "id": "CVE-2025-54549", "lastModified": "2025-10-30T15:03:13.440", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "psirt@arista.com", "type": "Secondary"}]}, "published": "2025-10-29T23:16:19.227", "references": [{"source": "psirt@arista.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-347"}], "source": "psirt@arista.com", "type": "Secondary"}]}

{}