Arista EOS Devices Vulnerable to Unauthorized Data Access and Configuration Changes

Summary: Arista Networks has issued a security advisory regarding two critical vulnerabilities in its Extensible Operating System (EOS) software, namely CVE-2025-1259 and CVE-2025-1260. These vulnerabilities may allow unauthorized access to sensitive data and enable attackers to make unauthorized configuration changes on affected devices. Users are advised to upgrade to the latest EOS versions or apply mitigation strategies to secure their networks.

Affected: Arista Networks EOS software on various devices including the 710 Series, 720D Series, and more.

Keypoints :

Vulnerabilities CVE-2025-1259 and CVE-2025-1260 impact certain versions of Arista EOS, allowing unauthorized data access and configuration changes.
CVSS scores indicate CVE-2025-1259 at 7.1 and CVE-2025-1260 at 9.1, with the latter posing a higher security risk.
Arista has issued patched versions and recommends immediate upgrades; alternative mitigations are available for those unable to upgrade at once.

Source: https://securityonline.info/arista-eos-devices-vulnerable-to-unauthorized-data-access-and-configuration-changes-cve-2025-1259-cve-2025-1260/

Tags: CVE, IMPACT