github - ghsa-93ww-vwhw-jwxm

GHSA-93WW-VWHW-JWXM

Vulnerability from github – Published: 2025-12-16 21:30 – Updated: 2025-12-16 21:30

Details

This issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

7.1 (High)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2025-8872"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-16T20:15:49Z",
    "severity": "HIGH"
  },
  "details": "On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.\n\nThis issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.",
  "id": "GHSA-93ww-vwhw-jwxm",
  "modified": "2025-12-16T21:30:55Z",
  "published": "2025-12-16T21:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8872"
    },
    {
      "type": "WEB",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23115-security-advisory-0128"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

CVE-2025-8872 (GCVE-0-2025-8872)

Vulnerability from cvelistv5 – Published: 2025-12-16 19:32 – Updated: 2025-12-16 19:51

Summary

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.

Severity ?

7.1 (High)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

Arista

References

URL

Tags

https://www.arista.com/en/support/advisories-noti…

Impacted products

	Vendor	Product	Version
	Arista Networks	EOS	Affected: 4.34.0 , ≤ 4.34.1F (custom) Affected: 4.33.0 , ≤ 4.33.4M (custom) Affected: 4.32.0 , ≤ 4.32.7M (custom) Affected: 4.31.0 , ≤ 4.31.8M (custom) Affected: 0 , ≤ 4.31.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-8872",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-16T19:50:49.156832Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-16T19:51:10.033Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "710/710XP Series",
            "720XP/722XPM Series",
            "750X Series",
            "7010 Series",
            "7010X Series",
            "7020R Series",
            "7130 Series running EOS",
            "7150 Series",
            "7160 Series",
            "7170 Series",
            "7050X/X2/X3/X4 Series",
            "7060X/X2/X4/X5/X6 Series",
            "7250X Series",
            "7260X/X3 Series",
            "7280E/R/R2/R3 Series",
            "7300X/X3 Series",
            "7320X Series",
            "7358X4 Series",
            "7368X4 Series",
            "7388X5 Series",
            "7500E/R/R2/R3 Series",
            "7700R4 Series",
            "7800R3/R4 Series",
            "AWE 5000 Series",
            "AWE 7200R Series",
            "CloudEOS",
            "cEOS-lab",
            "vEOS-lab",
            "CloudVision eXchange",
            "virtual or physical appliance"
          ],
          "product": "EOS",
          "vendor": "Arista Networks",
          "versions": [
            {
              "lessThanOrEqual": "4.34.1F",
              "status": "affected",
              "version": "4.34.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.33.4M",
              "status": "affected",
              "version": "4.33.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.32.7M",
              "status": "affected",
              "version": "4.32.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.31.8M",
              "status": "affected",
              "version": "4.31.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.31.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eIn order to be vulnerable to CVE-2025-8872, the following condition must be met:\u003c/p\u003e\u003cp\u003eThe OSFPv3 protocol must be configured in either the default or non default vrf and at least one neighbor must be present\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ospfv3\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" with ID 192.0.2.0 and Instance 0 VRF default\n  FIPS mode disabled\n  Maximum number of LSAs allowed 0\n    Exceed action disable\n    LSA limit for warning message 75%\n    Disabled-time 5 minutes, clear timeout 5 minutes\n    Incident count 0, incident count limit 5\n  It is an autonomous system boundary router and is not an area border router\n  Minimum LSA arrival interval 1000 msecs\n  Initial LSA throttle delay 1000 msecs\n  Minimum hold time for LSA throttle 5000 msecs\n  Maximum wait time for LSA throttle 5000 msecs\n  It has 1 fully adjacent neighbors\n  Number of areas in this router is 1. 1 normal, 0 stub, 0 nssa\n  Number of LSAs 8\n  Initial SPF schedule delay 0 msecs\n  Minimum hold time between two consecutive SPFs 5000 msecs\n  Current hold time between two consecutive SPFs 5000 msecs\n  Maximum wait time between two consecutive SPFs 5000 msecs\n  SPF algorithm last executed 00:04:52 ago\n  No scheduled SPF\n  Adjacency exchange-start threshold is 20\n  Maximum number of next-hops supported in ECMP is 128\n  Number of backbone neighbors is 0\n  Graceful-restart is not configured\n  Graceful-restart-helper mode is enabled\n  Area 0.0.0.0\n    Number of interface in this area is 1\n    It is a normal area\n    SPF algorithm executed 6 times\n  \nswitch\u0026gt;show ospfv3 neighbor\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" Instance 0 VRF default\nNeighbor 192.0.3.0 VRF default priority is 1, state is Full\n  In area 0.0.0.0 interface Ethernet4\n  Adjacency was established 00:00:49 ago\n  Current state was established 00:00:49 ago\n  DR is 3.3.3.3 BDR is 2.2.2.2\n  Options is E R V6\n  Dead timer is due in 29 seconds\n  Graceful-restart-helper mode is Inactive\n  Graceful-restart attempts: 0\n\u003c/pre\u003e\u003cdiv\u003e\u0026nbsp;\u003c/div\u003e\u003cp\u003eIf OSFPv3 is not configured there is no exposure to this issue and the show command will not produce any output\u003c/p\u003e\u003cpre\u003eswitch\u0026gt;show ospfv3\n \nswitch\u0026gt;show ospfv3 neighbor\u003c/pre\u003e\u003cbr\u003e"
            }
          ],
          "value": "In order to be vulnerable to CVE-2025-8872, the following condition must be met:\n\nThe OSFPv3 protocol must be configured in either the default or non default vrf and at least one neighbor must be present\n\nswitch\u003eshow ospfv3\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" with ID 192.0.2.0 and Instance 0 VRF default\n  FIPS mode disabled\n  Maximum number of LSAs allowed 0\n    Exceed action disable\n    LSA limit for warning message 75%\n    Disabled-time 5 minutes, clear timeout 5 minutes\n    Incident count 0, incident count limit 5\n  It is an autonomous system boundary router and is not an area border router\n  Minimum LSA arrival interval 1000 msecs\n  Initial LSA throttle delay 1000 msecs\n  Minimum hold time for LSA throttle 5000 msecs\n  Maximum wait time for LSA throttle 5000 msecs\n  It has 1 fully adjacent neighbors\n  Number of areas in this router is 1. 1 normal, 0 stub, 0 nssa\n  Number of LSAs 8\n  Initial SPF schedule delay 0 msecs\n  Minimum hold time between two consecutive SPFs 5000 msecs\n  Current hold time between two consecutive SPFs 5000 msecs\n  Maximum wait time between two consecutive SPFs 5000 msecs\n  SPF algorithm last executed 00:04:52 ago\n  No scheduled SPF\n  Adjacency exchange-start threshold is 20\n  Maximum number of next-hops supported in ECMP is 128\n  Number of backbone neighbors is 0\n  Graceful-restart is not configured\n  Graceful-restart-helper mode is enabled\n  Area 0.0.0.0\n    Number of interface in this area is 1\n    It is a normal area\n    SPF algorithm executed 6 times\n  \nswitch\u003eshow ospfv3 neighbor\nOSPFv3 address-family ipv6\nRouting Process \"ospfv3\" Instance 0 VRF default\nNeighbor 192.0.3.0 VRF default priority is 1, state is Full\n  In area 0.0.0.0 interface Ethernet4\n  Adjacency was established 00:00:49 ago\n  Current state was established 00:00:49 ago\n  DR is 3.3.3.3 BDR is 2.2.2.2\n  Options is E R V6\n  Dead timer is due in 29 seconds\n  Graceful-restart-helper mode is Inactive\n  Graceful-restart attempts: 0\n\n\n\u00a0\n\nIf OSFPv3 is not configured there is no exposure to this issue and the show command will not produce any output\n\nswitch\u003eshow ospfv3\n \nswitch\u003eshow ospfv3 neighbor"
        }
      ],
      "datePublic": "2025-12-16T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eOn affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.\u003c/p\u003e\u003cp\u003eThis issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.\u003c/p\u003e\u003cbr\u003e"
            }
          ],
          "value": "On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.\n\nThis issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-130",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-130 Excessive Allocation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400 Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-16T19:32:20.528Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23115-security-advisory-0128"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe recommended resolution is to upgrade to a remediated software version at your earliest convenience.\u003c/p\u003e\u003cp\u003eArista recommends customers move to the latest version of each release that contains all the fixes listed below.\u003c/p\u003e\u003cp\u003eFor more information about upgrading see: \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\"\u003eEOS User Manual: Upgrades and Downgrades\u003c/a\u003e\u003c/p\u003e\u003cdiv\u003eCVE-2025-8872 has been fixed in the following releases:\u003c/div\u003e\u003cul\u003e\u003cli\u003e4.34.2F and later releases in the 4.34.x train\u003c/li\u003e\u003cli\u003e4.33.5M and later releases in the 4.33.x train\u003c/li\u003e\u003cli\u003e4.32.8M and later releases in the 4.32.x train\u003c/li\u003e\u003cli\u003e4.31.9M and later releases in the 4.31.x train\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cbr\u003e"
            }
          ],
          "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience.\n\nArista recommends customers move to the latest version of each release that contains all the fixes listed below.\n\nFor more information about upgrading see:  EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\nCVE-2025-8872 has been fixed in the following releases:\n\n  *  4.34.2F and later releases in the 4.34.x train\n  *  4.33.5M and later releases in the 4.33.x train\n  *  4.32.8M and later releases in the 4.32.x train\n  *  4.31.9M and later releases in the 4.31.x train"
        }
      ],
      "source": {
        "advisory": "128",
        "defect": [
          "BUG1203059"
        ],
        "discovery": "INTERNAL"
      },
      "title": "A specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThere is no workaround to mitigate the issue.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "There is no workaround to mitigate the issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2025-8872",
    "datePublished": "2025-12-16T19:32:20.528Z",
    "dateReserved": "2025-08-11T18:18:36.004Z",
    "dateUpdated": "2025-12-16T19:51:10.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-93WW-VWHW-JWXM

CVE-2025-8872 (GCVE-0-2025-8872)

Tags

Sightings

Nomenclature