CVE-2025-54547

Summary

On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired

Affected Software

VendorProductVersion RangeStatus
Arista NetworksDANZ Monitoring Fabric0affected
Arista NetworksDANZ Monitoring Fabric0 <= DMF 8.6.1affected
Arista NetworksDANZ Monitoring Fabric0 <= DMF 8.5.2affected
Arista NetworksDANZ Monitoring Fabric0 <= CCF 6.2.4affected
Arista NetworksDANZ Monitoring Fabric0 <= CVA 7.0affected
Arista NetworksDANZ Monitoring Fabric0 <= MCD 2.4.0affected

Weaknesses

  • CWE-613: CWE-613

Workarounds

No known mitigation

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References