CVE-2025-2826: n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled ...

2.6 CVSS

Description

n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are:

* Packets which should be permitted may be dropped and,
* Packets which should be dropped may be permitted.

Classification

CVE ID: CVE-2025-2826

CVSS Base Severity: LOW

CVSS Base Score: 2.6

CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Problem Types

CWE-1284 Improper Validation of Specified Quantity in Input

Affected Products

Vendor: Arista Networks

Product: EOS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.02% (probability of being exploited)

EPSS Percentile: 4.33% (scored less or equal to compared to others)

EPSS Date: 2025-06-05 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-2826
https://www.arista.com/en/support/advisories-notices/security-advisory/21414-security-advisory-0120

Timeline

2025-05-27 23:40:09 UTC
CVE

n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled ...