First published: Thu May 08 2025
On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.
Credit: psirt@arista.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arista CloudVision | | See remediation below |

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Upgrade | Setup Guide | Arista CloudVision 2024.3 Help Center (https://www.arista.io/help/2024.3/articles/dXBncmFkZS5BbGwudXBncmFkZQ==#dXBncmFkZUN2cA==-upgrading-a-cluster).

CVE-2025-0505 has been fixed in the following releases:

* 2024.2.2 and later releases in the 2024.2.x train
* 2024.3.1 and later releases in the 2024.3.x train
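The fix list above is per release train, so a naive string comparison ("2024.2.10" < "2024.2.2") will misclassify patched systems. The following triage helper is an added example, not code from Arista or SecAlerts: it encodes the two first-fixed releases stated in this advisory, compares versions numerically within a train, and deliberately reports "unknown" for any train the advisory does not mention (the page says nothing about other trains, so treating them as safe would be an assumption). The hostnames and versions in the sample inventory are constructed for illustration.

```python
import re
from typing import List, Optional, Tuple

# First remediated release in each affected train, as stated in the advisory.
# Any release at or above it in the same train is considered fixed.
FIXED_RELEASES = {
    (2024, 2): (2024, 2, 2),
    (2024, 3): (2024, 3, 1),
}

# Accepts "YYYY.minor.patch" with an optional trailing suffix (e.g. build tag).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[-.].*)?$")


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Parse a CloudVision release string into a numeric (year, minor, patch) tuple.
    Returns None when the string is not a recognisable release number."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    year, minor, patch = (int(x) for x in m.groups())
    return (year, minor, patch)


def assess_cve_2025_0505(version: str) -> str:
    """Classify one release against the advisory's fix list.

    Returns 'fixed', 'vulnerable' or 'unknown'. 'unknown' covers unparsable
    strings and trains the advisory does not list (older or newer trains), so
    that a triage run never silently assumes safety. Tuple comparison keeps
    2024.2.10 correctly ranked above 2024.2.2.
    """
    parsed = parse_version(version)
    if parsed is None:
        return "unknown"
    first_fixed = FIXED_RELEASES.get(parsed[:2])  # look up by (year, minor) train
    if first_fixed is None:
        return "unknown"
    return "fixed" if parsed >= first_fixed else "vulnerable"


def triage(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Return every (host, version, status) entry that is not confirmed fixed."""
    results = [(host, ver, assess_cve_2025_0505(ver)) for host, ver in inventory]
    return [entry for entry in results if entry[2] != "fixed"]


if __name__ == "__main__":
    # Constructed sample inventory; not taken from any real deployment.
    sample = [
        ("cvp-a.example.test", "2024.2.1"),
        ("cvp-b.example.test", "2024.2.10"),
        ("cvp-c.example.test", "2024.3.0"),
        ("cvp-d.example.test", "2024.3.1"),
        ("cvp-e.example.test", "2024.1.3"),
    ]
    for host, ver, status in triage(sample):
        print(f"{host}: {ver} -> {status}")
```

Feed it an export of your CloudVision cluster versions; anything reported as "vulnerable" needs the upgrade above, and anything "unknown" needs a manual check against Arista's current guidance rather than being assumed safe.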
CVE-2025-0505 has a critical severity rating due to its potential to grant unauthorized admin privileges.
To mitigate CVE-2025-0505, ensure you update to the latest version of Arista CloudVision that addresses this vulnerability.
CVE-2025-0505 affects both virtual and physical on-premise deployments of Arista CloudVision that use Zero Touch Provisioning; CloudVision as-a-Service is not affected.
Exploitation of CVE-2025-0505 could allow an attacker to manipulate the state of devices managed by the Arista CloudVision system.
Currently, there are no publicly available exploits for CVE-2025-0505, but the nature of the vulnerability poses a significant risk.