CVE-2025-5090
Awaiting Analysis Awaiting Analysis - Queue
CVX Cluster DoS via Malicious Switch Messages

Publication date: 2026-06-05

Last updated on: 2026-06-05

Assigner: Arista Networks, Inc.

Description
CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have a high privilege access to the connected switch to be able to send custom TCP packets to the CVX.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-05
Last Modified
2026-06-05
Generated
2026-06-27
AI Q&A
2026-06-05
EPSS Evaluated
2026-06-25
NVD
CVE-2025-5090
EUVD
EUVD-2025-210076
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
arista cvx *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability occurs because CVX is not resilient to unexpected messages from a connected switch. When such unexpected messages are received, the CVX agent crashes, causing instability in the CVX cluster.

An attacker with high privilege access to the connected switch could exploit this by sending custom TCP packets to CVX, triggering these crashes.

This behavior can be used to create a denial of service (DoS) scenario against the CVX cluster.

Impact Analysis

The primary impact of this vulnerability is the potential for denial of service (DoS) attacks against the CVX cluster.

If exploited, the CVX agent crashes and the cluster becomes unstable, which could disrupt network operations relying on CVX.

However, exploitation requires the attacker to have high privilege access to the connected switch, which limits the attack surface.

Mitigation Strategies

To mitigate this vulnerability, ensure that only highly privileged and trusted users have access to the connected switch, as the attacker requires high privilege to send custom TCP packets to the CVX.

Additionally, monitor and restrict unexpected or custom TCP traffic from the connected switch to the CVX to prevent potential denial of service attacks.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-5090. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart