Arista EOS Dataplane Denial of Service via Malformed IPsec Packet

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer.

Basic Information

ID CVE-2025-8873

Source Arista

Published Jun 4, 2026 at 23:04

Affected Product

Vendor Arista Networks

Product EOS

Version 4.33.0M

Affected Versions Arista Networks EOS 4.33.0M
Arista Networks EOS 4.32.0M
Arista Networks EOS 4.31.0M
Arista Networks EOS 4.30.0M
Arista Networks EOS 4.29.0M

CWE Classification

CWE-1286

References

www.arista.com /en/support/advisories-notices/security-advisory/22869-security-advisory-0127

{
    "lastseen": "",
    "description": "On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer.",
    "published": "2026-06-04T23:04:56.535Z",
    "modified": "2026-06-04T23:04:56.535Z",
    "type": "cve",
    "title": "Arista EOS Dataplane Denial of Service via Malformed IPsec Packet",
    "source": "Arista",
    "references": "https://www.arista.com/en/support/advisories-notices/security-advisory/22869-security-advisory-0127",
    "id": "CVE-2025-8873",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1286"
    ],
    "cvelist": null,
    "sourceData": "Arista Networks EOS 4.33.0M\nArista Networks EOS 4.32.0M\nArista Networks EOS 4.31.0M\nArista Networks EOS 4.30.0M\nArista Networks EOS 4.29.0M",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EOS",
    "version": "4.33.0M",
    "vendor": "Arista Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Arista EOS Dataplane Denial of Service via Malformed IPsec Packet_CVE-2025-8873