On affected platforms running Arista EOS, maliciously formed UDP packets...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Description

On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.

Basic Information

ID CVE-2025-6188

Source Arista

Published Aug 25, 2025 at 20:14

Affected Product

Vendor Arista Networks

Product EOS

Version 4.33.0

Affected Versions Arista Networks EOS 4.33.0
Arista Networks EOS 4.33.1.0
Arista Networks EOS 4.32.4.0
Arista Networks EOS 4.31.0
Arista Networks EOS 4.30.0

References

www.arista.com /en/support/advisories-notices/security-advisory/22021-security-advisory-0121

{
    "lastseen": "",
    "description": "On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.",
    "published": "2025-08-25T20:14:23.427Z",
    "modified": "2025-08-25T20:14:23.427Z",
    "type": "cve",
    "title": "On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n",
    "source": "Arista",
    "references": "https://www.arista.com/en/support/advisories-notices/security-advisory/22021-security-advisory-0121",
    "id": "CVE-2025-6188",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Arista Networks EOS 4.33.0\nArista Networks EOS 4.33.1.0\nArista Networks EOS 4.32.4.0\nArista Networks EOS 4.31.0\nArista Networks EOS 4.30.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EOS",
    "version": "4.33.0",
    "vendor": "Arista Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n_CVE-2025-6188

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply