CVE-2025-3456Log File Information Exposure in Networks EOS

CWE-532Log File Information Exposure3 documents3 sources
Severity
3.8LOWNVD
EPSS
0.0%
top 98.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arista Networks EOS
Timeline
PublishedAug 25
Latest updateAug 26

Description

On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:NExploitability: 2.0 | Impact: 1.4

Affected Packages1 packages

CVEListV5arista_networks/eos4.33.04.33.3F+5

🔴Vulnerability Details

2
GHSA
GHSA-qx5m-jj5c-5j9v: On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting lo2025-08-26
CVEList
On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and proto2025-08-25
CVE-2025-3456 — Log File Information Exposure | cvebase