CVE-2025-2826

CWE-12843 documents3 sources
Severity
2.6LOW
EPSS
0.1%
top 79.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arista Networks EOS
Timeline
PublishedMay 27
Latest updateMay 28

Description

n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are: * Packets which should be permitted may be dropped and, * Packets which should be dropped may be perm

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.2 | Impact: 1.4

Affected Packages1 packages

CVEListV5arista_networks/eos4.33.2F

🔴Vulnerability Details

2
GHSA
GHSA-6f46-73v7-w4mr: n affected platforms running Arista EOS, ACL policies may not be enforced2025-05-28
CVEList
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result 2025-05-27
CVE-2025-2826 (LOW CVSS 2.6) | n affected platforms running Arista | cvebase.io