CVE-2025-1259

On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) En las plataformas afectadas que ejecutan Arista EOS con OpenConfig configurado, se puede ejecutar una solicitud gNOI cuando debería haber sido rechazada. Este problema puede provocar que los usuarios recuperen datos que no deberían haber estado disponibles

04 Mar 2025, 20:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-04 20:15

Updated : 2026-06-17 08:38

NVD link : CVE-2025-1259

Mitre link : CVE-2025-1259

CVE.ORG link : CVE-2025-1259

JSON object : View

Products Affected

No product.

CWE

CWE-284

Improper Access Control

{"id": "CVE-2025-1259", "cveTags": [], "metrics": {"ssvcV203": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "ssvcData": {"id": "CVE-2025-1259", "role": "CISA Coordinator", "options": [{"exploitation": "none"}, {"automatable": "no"}, {"technicalImpact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-04T20:12:13.556121Z"}}], "cvssMetricV31": [{"type": "Secondary", "source": "psirt@arista.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "affected": [{"source": "psirt@arista.com", "affectedData": [{"vendor": "Arista Networks", "product": "EOS", "versions": [{"status": "affected", "version": "4.33.0", "versionType": "custom", "lessThanOrEqual": "4.33.1"}, {"status": "affected", "version": "4.32.0", "versionType": "custom", "lessThanOrEqual": "4.32.3"}, {"status": "affected", "version": "4.31.0", "versionType": "custom", "lessThanOrEqual": "4.31.5"}, {"status": "affected", "version": "4.30.0", "versionType": "custom", "lessThanOrEqual": "4.30.8"}, {"status": "affected", "version": "4.29.0", "versionType": "custom", "lessThanOrEqual": "4.29.9"}, {"status": "affected", "version": "4.28.0", "versionType": "custom", "lessThanOrEqual": "4.28.12"}], "defaultStatus": "unaffected"}]}], "published": "2025-03-04T20:15:37.003", "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111", "source": "psirt@arista.com"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "psirt@arista.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue\u00a0can result in users retrieving data that should not have been available"}, {"lang": "es", "value": "En las plataformas afectadas que ejecutan Arista EOS con OpenConfig configurado, se puede ejecutar una solicitud gNOI cuando deber\u00eda haber sido rechazada. Este problema puede provocar que los usuarios recuperen datos que no deber\u00edan haber estado disponibles"}], "lastModified": "2026-06-17T08:38:41.613", "sourceIdentifier": "psirt@arista.com"}