cbcvebase.
CVE-2025-1259
published 2025-03-04

CVE-2025-1259: On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in…

PriorityP344high7.7CVSS 3.1
AVNACLPRLUINSCCHINAN
EPSS
0.33%
24.3th percentile
On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available

Affected

10 ranges
VendorProductVersion rangeFixed in
arista_networkseos4.28.0 – 4.28.12
arista_networkseos4.29.0 – 4.29.9
arista_networkseos4.30.0 – 4.30.8
arista_networkseos4.31.0 – 4.31.5
arista_networkseos4.32.0 – 4.32.3
arista_networkseos4.33.0 – 4.33.1
msrccbl2_nmi_1.8.11-2_on_cbl_mariner_2.0
msrccbl2_nmi_1.8.17-1_on_cbl_mariner_2.0
msrccbl_mariner_2.0_arm
msrccbl_mariner_2.0_x64

CVSS provenance

nvdv3.17.7HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
vendor_msrc5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.