CVE-2025-54545

Summary

On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.

Affected Software

VendorProductVersion RangeStatus
Arista NetworksDANZ Monitoring Fabric0affected
Arista NetworksDANZ Monitoring Fabric0 <= DMF 8.6.1affected
Arista NetworksDANZ Monitoring Fabric0 <= DMF 8.5.2affected
Arista NetworksDANZ Monitoring Fabric0 <= CCF 6.2.4affected
Arista NetworksDANZ Monitoring Fabric0 <= CVA 7.0affected
Arista NetworksDANZ Monitoring Fabric0 <= MCD 2.4.0affected

Weaknesses

  • CWE-732: CWE-732

Workarounds

Disable any non-administrator users until an upgraded version can be installed.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References