CVE-2025-8873
BaseFortify
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: Arista Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arista | eos | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1286 | The product receives input that is expected to be well-formed - i.e., to comply with a certain syntax - but it does not validate or incorrectly validates that the input complies with the syntax. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects Arista EOS platforms running IPsec. A specially crafted packet can cause the dataplane to stop processing all IPsec traffic. Although the control plane may detect this and attempt to reset the IPsec processing pipeline, traffic may still not resume processing after the reset. Non-IPsec traffic and IPsec traffic not originating or terminating on the system are not impacted.
How can this vulnerability impact me? :
The vulnerability can cause a denial of service for IPsec traffic on affected Arista EOS systems, meaning that IPsec traffic may stop being processed entirely. This could disrupt secure communications that rely on IPsec, potentially impacting network security and availability for systems depending on this traffic.