Cryptographic validation of upgrade images could be circumventing by dropping...

5.9 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Description

Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO

Basic Information

ID CVE-2025-54549

Source Arista

Published Oct 29, 2025 at 22:55

Affected Product

Vendor Arista Networks

Product DANZ Monitoring Fabric

Affected Versions Arista Networks DANZ Monitoring Fabric 0
Arista Networks DANZ Monitoring Fabric 0
Arista Networks DANZ Monitoring Fabric 0
Arista Networks DANZ Monitoring Fabric 0
Arista Networks DANZ Monitoring Fabric 0
Arista Networks DANZ Monitoring Fabric 0

CWE Classification

CWE-347

References

www.arista.com /en/support/advisories-notices/security-advisory/22538-security-advisory-0124

{
    "lastseen": "",
    "description": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO",
    "published": "2025-10-29T22:55:54.433Z",
    "modified": "2025-10-29T22:55:54.433Z",
    "type": "cve",
    "title": "Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO",
    "source": "Arista",
    "references": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124",
    "id": "CVE-2025-54549",
    "bulletinFamily": "",
    "cwe": [
        "CWE-347"
    ],
    "cvelist": null,
    "sourceData": "Arista Networks DANZ Monitoring Fabric 0\nArista Networks DANZ Monitoring Fabric 0\nArista Networks DANZ Monitoring Fabric 0\nArista Networks DANZ Monitoring Fabric 0\nArista Networks DANZ Monitoring Fabric 0\nArista Networks DANZ Monitoring Fabric 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DANZ Monitoring Fabric",
    "version": "0",
    "vendor": "Arista Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO_CVE-2025-54549