CVE-2025-8872
Unknown Unknown - Not Provided
OSPFv3 Packet Causes High CPU, Process Restart in Arista EOS

Publication date: 2025-12-16

Last updated on: 2025-12-16

Assigner: Arista Networks, Inc.

Description
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-16
Last Modified
2025-12-16
Generated
2026-06-16
AI Q&A
2025-12-16
EPSS Evaluated
2026-06-15
NVD
CVE-2025-8872
EUVD
EUVD-2025-203841
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
arista eos *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-400 The product does not properly control the allocation and maintenance of a limited resource.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability affects Arista EOS devices running OSPFv3. A specially crafted packet can cause the OSPFv3 process to consume high CPU resources, potentially leading to the OSPFv3 process restarting. This restart can disrupt OSPFv3 routing on the affected switch.

Impact Analysis

The vulnerability can cause high CPU utilization on the OSPFv3 process, which may lead to the process restarting. This can disrupt OSPFv3 routing on the switch, potentially causing network instability or outages in routing for devices relying on OSPFv3 on the affected switch.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8872. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart