CVE-2025-0505

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state

Description

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.

INFO

Published Date :

2025-05-08T18:37:13.981Z

Last Modified :

2025-05-08T18:56:19.850Z

Source :

Arista

AFFECTED PRODUCTS

The following products are affected by CVE-2025-0505 vulnerability.

Vendors	Products
Arista	Cloudvision Portal

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0505.

URL	Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact