- Description
- On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in unexpected configuration/operations being applied to the switch.
- Source
- psirt@arista.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 6
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- psirt@arista.com
- CWE-284
- Hype score
- Not currently trending
🚨 CVE-2025-1260 ⚠️🔴 CRITICAL (9.1) 🏢 Arista Networks - EOS 🏗️ 4.33.0 🔗 https://t.co/XhZiM5yZzX #CyberCron #VulnAlert #InfoSec https://t.co/26EAqejkNt
@cybercronai
6 Mar 2025
23 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-1260: CRITICAL] Beware of a security vulnerability in Arista EOS platforms configured with OpenConfig. Unauthorized gNOI requests can lead to unexpected switch operations.#cybersecurity,#vulnerability https://t.co/dp14WUxntL https://t.co/sBd4fyMf6i
@CveFindCom
4 Mar 2025
40 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Arista Networks warns of critical vulnerabilities (CVE-2025-1259, CVE-2025-1260) in EOS software, risking unauthorized data access and config changes on devices. Upgrade recommended. 🔒 #AristaNetworks #DataSecurity #USA link: https://t.co/pntHu5Owlb https://t.co/90XjlCSCEO
@TweetThreatNews
3 Mar 2025
70 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ Vulnerability Alert: Arista EOS Unauthorized Data Access and Configuration Changes 📅 Timeline: Disclosure: 2025-02-25, Patch: 2025-02-25 📌 Attribution: None known 🆔cveId: CVE-2025-1259, CVE-2025-1260 📊baseScore: 9.1 📏cvssMetrics: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H… ht
@syedaquib77
3 Mar 2025
36 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes