On affected platforms, if SSH session multiplexing was configured on...

5.3 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Description

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired

Basic Information

ID CVE-2025-54547

Source Arista

Published Oct 29, 2025 at 22:45

Affected Product

Vendor Arista Networks

Product DANZ Monitoring Fabric

Affected Versions Arista Networks DANZ Monitoring Fabric 0
Arista Networks DANZ Monitoring Fabric 0
Arista Networks DANZ Monitoring Fabric 0
Arista Networks DANZ Monitoring Fabric 0
Arista Networks DANZ Monitoring Fabric 0
Arista Networks DANZ Monitoring Fabric 0

CWE Classification

CWE-613

References

www.arista.com /en/support/advisories-notices/security-advisory/22538-security-advisory-0124

{
    "lastseen": "",
    "description": "On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired",
    "published": "2025-10-29T22:45:53.499Z",
    "modified": "2025-10-29T22:45:53.499Z",
    "type": "cve",
    "title": "On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired",
    "source": "Arista",
    "references": "https://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124",
    "id": "CVE-2025-54547",
    "bulletinFamily": "",
    "cwe": [
        "CWE-613"
    ],
    "cvelist": null,
    "sourceData": "Arista Networks DANZ Monitoring Fabric 0\nArista Networks DANZ Monitoring Fabric 0\nArista Networks DANZ Monitoring Fabric 0\nArista Networks DANZ Monitoring Fabric 0\nArista Networks DANZ Monitoring Fabric 0\nArista Networks DANZ Monitoring Fabric 0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "DANZ Monitoring Fabric",
    "version": "0",
    "vendor": "Arista Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired_CVE-2025-54547