{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7048", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2025-07-03T15:30:22.152Z", "datePublished": "2026-01-06T19:15:44.409Z", "dateUpdated": "2026-01-06T19:44:20.519Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["7500R/R2", "7388-8D", "7800/R3/R3A", "722XPM", "720XPM", "750X", "7050X3/X4", "7170", "7280R/R2/R3/R3A/R4", "7289R3", "cEOS-lab", "vEOS-lab"], "product": "EOS", "vendor": "Arista Networks", "versions": [{"lessThanOrEqual": "4.34.3.1M", "status": "affected", "version": "4.34.3.0", "versionType": "custom"}, {"lessThanOrEqual": "4.33.5M", "status": "affected", "version": "4.33.0", "versionType": "custom"}, {"lessThanOrEqual": "4.32.7M", "status": "affected", "version": "4.32.0", "versionType": "custom"}, {"lessThanOrEqual": "4.31.9M", "status": "affected", "version": "4.31.0", "versionType": "custom"}, {"lessThan": "4.30.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In order to be vulnerable to CVE-2025-7048, the following condition must be met:</p><p>MACsec must be configured with valid keys:</p><pre>switch#show mac security participants\nInterface: EthernetX\n&nbsp; &nbsp; CKN: &lt;ckn&gt;\n&nbsp; &nbsp; &nbsp; Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n&nbsp; &nbsp; &nbsp; Key management role: &lt;key-server-role&gt;\n&nbsp; &nbsp; &nbsp; Success: &lt;success-status&gt;\n&nbsp; &nbsp; &nbsp; Principal: &lt;principal-status&gt;\n&nbsp; &nbsp; &nbsp; Key type: &lt;key-type&gt;\n \nInterface: EthernetY\n&nbsp; &nbsp; CKN: &lt;ckn&gt;\n&nbsp; &nbsp; &nbsp; Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n&nbsp; &nbsp; &nbsp; Key management role: &lt;key-server-role&gt;\n&nbsp; &nbsp; &nbsp; Success: &lt;success-status&gt;\n&nbsp; &nbsp; &nbsp; Principal: &lt;principal-status&gt;\n&nbsp; &nbsp; &nbsp; Key type: &lt;key-type&gt;\n</pre><div>&nbsp;</div><p>If MACsec with valid key is not configured there is no exposure to this issue and this command will not show any output:</p><pre>switch#show mac security participants\nswitch#</pre><br>"}], "value": "In order to be vulnerable to CVE-2025-7048, the following condition must be met:\n\nMACsec must be configured with valid keys:\n\nswitch#show mac security participants\nInterface: EthernetX\n\u00a0 \u00a0 CKN: <ckn>\n\u00a0 \u00a0 \u00a0 Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n\u00a0 \u00a0 \u00a0 Key management role: <key-server-role>\n\u00a0 \u00a0 \u00a0 Success: <success-status>\n\u00a0 \u00a0 \u00a0 Principal: <principal-status>\n\u00a0 \u00a0 \u00a0 Key type: <key-type>\n \nInterface: EthernetY\n\u00a0 \u00a0 CKN: <ckn>\n\u00a0 \u00a0 \u00a0 Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n\u00a0 \u00a0 \u00a0 Key management role: <key-server-role>\n\u00a0 \u00a0 \u00a0 Success: <success-status>\n\u00a0 \u00a0 \u00a0 Principal: <principal-status>\n\u00a0 \u00a0 \u00a0 Key type: <key-type>\n\n\n\u00a0\n\nIf MACsec with valid key is not configured there is no exposure to this issue and this command will not show any output:\n\nswitch#show mac security participants\nswitch#"}], "datePublic": "2025-12-30T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.</span><br>"}], "value": "On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic."}], "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "baseScore": 5.3, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-805", "description": "CWE-805", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2026-01-06T19:15:44.409Z"}, "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23120-security-advisory-0132"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.<br>For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">EOS User Manual: Upgrades and Downgrades</a></p><div>CVE-2025-7048 has been fixed in the following releases:</div><ul><li>4.35.0F and later releases</li><li>4.34.4M and later releases in the 4.34.x train </li><li>4.33.6M and later releases in the 4.33.x train</li><li>4.32.8M and later releases in the 4.32.x train</li><li>4.31.10M and later releases in the 4.31.x train</li></ul><br>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-7048 has been fixed in the following releases:\n\n * 4.35.0F and later releases\n * 4.34.4M and later releases in the 4.34.x train \n * 4.33.6M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.10M and later releases in the 4.31.x train"}], "source": {"advisory": "132", "defect": ["BUG1203696", "BUG1153233"], "discovery": "INTERNAL"}, "title": "On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">There is no known work around to keep MACsec running and make it not susceptible to the security issue. MACsec would need to be disabled to eliminate the issue.</span><br>"}], "value": "There is no known work around to keep MACsec running and make it not susceptible to the security issue. MACsec would need to be disabled to eliminate the issue."}], "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-06T19:44:06.659074Z", "id": "CVE-2025-7048", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-06T19:44:20.519Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7048", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-06T19:44:06.659074Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-06T19:39:24.827Z"}}], "cna": {"title": "On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption o", "source": {"defect": ["BUG1203696", "BUG1153233"], "advisory": "132", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-253", "descriptions": [{"lang": "en", "value": "CAPEC-253 Remote Code Inclusion"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.3, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arista Networks", "product": "EOS", "versions": [{"status": "affected", "version": "4.34.3.0", "versionType": "custom", "lessThanOrEqual": "4.34.3.1M"}, {"status": "affected", "version": "4.33.0", "versionType": "custom", "lessThanOrEqual": "4.33.5M"}, {"status": "affected", "version": "4.32.0", "versionType": "custom", "lessThanOrEqual": "4.32.7M"}, {"status": "affected", "version": "4.31.0", "versionType": "custom", "lessThanOrEqual": "4.31.9M"}, {"status": "affected", "version": "0", "lessThan": "4.30.0", "versionType": "custom"}], "platforms": ["7500R/R2", "7388-8D", "7800/R3/R3A", "722XPM", "720XPM", "750X", "7050X3/X4", "7170", "7280R/R2/R3/R3A/R4", "7289R3", "cEOS-lab", "vEOS-lab"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.\nFor more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-7048 has been fixed in the following releases:\n\n * 4.35.0F and later releases\n * 4.34.4M and later releases in the 4.34.x train \n * 4.33.6M and later releases in the 4.33.x train\n * 4.32.8M and later releases in the 4.32.x train\n * 4.31.10M and later releases in the 4.31.x train", "supportingMedia": [{"type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below.<br>For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">EOS User Manual: Upgrades and Downgrades</a></p><div>CVE-2025-7048 has been fixed in the following releases:</div><ul><li>4.35.0F and later releases</li><li>4.34.4M and later releases in the 4.34.x train </li><li>4.33.6M and later releases in the 4.33.x train</li><li>4.32.8M and later releases in the 4.32.x train</li><li>4.31.10M and later releases in the 4.31.x train</li></ul><br>", "base64": false}]}], "datePublic": "2025-12-30T16:00:00.000Z", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23120-security-advisory-0132"}], "workarounds": [{"lang": "en", "value": "There is no known work around to keep MACsec running and make it not susceptible to the security issue. MACsec would need to be disabled to eliminate the issue.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">There is no known work around to keep MACsec running and make it not susceptible to the security issue. MACsec would need to be disabled to eliminate the issue.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-805", "description": "CWE-805"}]}], "configurations": [{"lang": "en", "value": "In order to be vulnerable to CVE-2025-7048, the following condition must be met:\n\nMACsec must be configured with valid keys:\n\nswitch#show mac security participants\nInterface: EthernetX\n\u00a0 \u00a0 CKN: <ckn>\n\u00a0 \u00a0 \u00a0 Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n\u00a0 \u00a0 \u00a0 Key management role: <key-server-role>\n\u00a0 \u00a0 \u00a0 Success: <success-status>\n\u00a0 \u00a0 \u00a0 Principal: <principal-status>\n\u00a0 \u00a0 \u00a0 Key type: <key-type>\n \nInterface: EthernetY\n\u00a0 \u00a0 CKN: <ckn>\n\u00a0 \u00a0 \u00a0 Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n\u00a0 \u00a0 \u00a0 Key management role: <key-server-role>\n\u00a0 \u00a0 \u00a0 Success: <success-status>\n\u00a0 \u00a0 \u00a0 Principal: <principal-status>\n\u00a0 \u00a0 \u00a0 Key type: <key-type>\n\n\n\u00a0\n\nIf MACsec with valid key is not configured there is no exposure to this issue and this command will not show any output:\n\nswitch#show mac security participants\nswitch#", "supportingMedia": [{"type": "text/html", "value": "<p>In order to be vulnerable to CVE-2025-7048, the following condition must be met:</p><p>MACsec must be configured with valid keys:</p><pre>switch#show mac security participants\nInterface: EthernetX\n&nbsp; &nbsp; CKN: &lt;ckn&gt;\n&nbsp; &nbsp; &nbsp; Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n&nbsp; &nbsp; &nbsp; Key management role: &lt;key-server-role&gt;\n&nbsp; &nbsp; &nbsp; Success: &lt;success-status&gt;\n&nbsp; &nbsp; &nbsp; Principal: &lt;principal-status&gt;\n&nbsp; &nbsp; &nbsp; Key type: &lt;key-type&gt;\n \nInterface: EthernetY\n&nbsp; &nbsp; CKN: &lt;ckn&gt;\n&nbsp; &nbsp; &nbsp; Member ID: xxxxxxxxxxxxxxxxxxxxxxxx\n&nbsp; &nbsp; &nbsp; Key management role: &lt;key-server-role&gt;\n&nbsp; &nbsp; &nbsp; Success: &lt;success-status&gt;\n&nbsp; &nbsp; &nbsp; Principal: &lt;principal-status&gt;\n&nbsp; &nbsp; &nbsp; Key type: &lt;key-type&gt;\n</pre><div>&nbsp;</div><p>If MACsec with valid key is not configured there is no exposure to this issue and this command will not show any output:</p><pre>switch#show mac security participants\nswitch#</pre><br>", "base64": false}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2026-01-06T19:15:44.409Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7048", "state": "PUBLISHED", "dateUpdated": "2026-01-06T19:44:20.519Z", "dateReserved": "2025-07-03T15:30:22.152Z", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "datePublished": "2026-01-06T19:15:44.409Z", "assignerShortName": "Arista"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic."}], "id": "CVE-2025-7048", "lastModified": "2026-01-08T18:09:23.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "psirt@arista.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "ADJACENT", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "psirt@arista.com", "type": "Secondary"}]}, "published": "2026-01-06T20:16:01.253", "references": [{"source": "psirt@arista.com", "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23120-security-advisory-0132"}], "sourceIdentifier": "psirt@arista.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-805"}], "source": "psirt@arista.com", "type": "Secondary"}]}

{}