CVE-2025-25042: Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface
First published: Tue Mar 18 2025(Updated: )
A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.
Credit: security-alert@hpe.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Arista AOS-CX |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-25042?
CVE-2025-25042 is classified as a medium severity vulnerability.
How do I fix CVE-2025-25042?
To fix CVE-2025-25042, it is recommended to update the AOS-CX software to the latest version provided by Arista.
Who is affected by CVE-2025-25042?
CVE-2025-25042 affects users of Arista AOS-CX with authenticated remote access capabilities.
What type of information can be exposed by CVE-2025-25042?
CVE-2025-25042 can expose sensitive information, including encrypted credentials of other users on the switch.
Can CVE-2025-25042 be exploited by unauthenticated users?
No, CVE-2025-25042 requires an authenticated remote attacker with low privileges to exploit the vulnerability.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/type
- agent/first-publish-date
- agent/description
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/severity
- agent/author
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/weakness
- agent/event
- vendor/arista
- canonical/arista aos-cx