CVE-2025-7048

Summary

On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.

Affected Software

VendorProductVersion RangeStatus
Arista NetworksEOS4.34.3.0 <= 4.34.3.1Maffected
Arista NetworksEOS4.33.0 <= 4.33.5Maffected
Arista NetworksEOS4.32.0 <= 4.32.7Maffected
Arista NetworksEOS4.31.0 <= 4.31.9Maffected
Arista NetworksEOS0 < 4.30.0affected

Weaknesses

  • CWE-805: CWE-805

Workarounds

There is no known work around to keep MACsec running and make it not susceptible to the security issue. MACsec would need to be disabled to eliminate the issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References