CVE-2025-54548

Summary

On affected platforms, restricted users could view sensitive portions of the config database via a debug API (e.g., user password hashes)

Affected Software

VendorProductVersion RangeStatus
Arista NetworksDANZ Monitoring Fabric0affected
Arista NetworksDANZ Monitoring Fabric0 <= DMF 8.6.1affected
Arista NetworksDANZ Monitoring Fabric0 <= DMF 8.5.2affected
Arista NetworksDANZ Monitoring Fabric0 <= CCF 6.2.4affected
Arista NetworksDANZ Monitoring Fabric0 <= CVA 7.0affected
Arista NetworksDANZ Monitoring Fabric0 <= MCD 2.4.0affected

Weaknesses

  • CWE-200: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

Workarounds

Disable any restricted users until an upgraded version can be installed.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References