CVE-2025-0936

CWE-256 | 3 documents | 3 sources
Severity
6.5 MEDIUM
EPSS
0.2%
top 62.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: May 7
Latest update: May 8

Description

On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 2.8 | Impact: 3.6

Affected Packages (1 package)

CVEListV5 | arista_networks/eos | 4.33.0 | 4.33.1 | +3

🔴Vulnerability Details

2
GHSA
GHSA-gpmf-hwm2-x2mq: On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote serve | 2025-05-08
CVEList
On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be | 2025-05-07
CVE-2025-0936 (MEDIUM CVSS 6.5) | On affected platforms running Arist | cvebase.io