CVE-2025-8872 — MEDIUM (6.5)

Vulnerability Description

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Related Weaknesses (CWE)

CWE-400

References

https://www.arista.com/en/support/advisories-notices/security-advisory/23115-sec

FAQ

What is CVE-2025-8872?

CVE-2025-8872 is a vulnerability with a CVSS score of 6.5 (MEDIUM). On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being resta...

How severe is CVE-2025-8872?

CVE-2025-8872 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-8872?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.