CVE-2025-2826 — LOW (2.6) — White Hats Nepal

Vulnerability Description

n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are: * Packets which should be permitted may be dropped and, * Packets which should be dropped may be permitted.

CVSS Score

2.6

LOW

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Related Weaknesses (CWE)

CWE-1284

References

https://www.arista.com/en/support/advisories-notices/security-advisory/21414-sec

FAQ

What is CVE-2025-2826?

CVE-2025-2826 is a vulnerability with a CVSS score of 2.6 (LOW). n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result ...

How severe is CVE-2025-2826?

CVE-2025-2826 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-2826?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.