CVE-2025-8872

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
7.1HIGH
EPSS
0.0%
top 91.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arista Networks EOS
Timeline
PublishedDec 16

Description

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Packages1 packages

CVEListV5arista_networks/eos4.34.04.34.1F+4

🔴Vulnerability Details

2
CVEList
A specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted2025-12-16
GHSA
GHSA-93ww-vwhw-jwxm: On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization2025-12-16
CVE-2025-8872 (HIGH CVSS 7.1) | On affected platforms running Arist | cvebase.io