CVE-2025-0505CRITICAL 10.0EPSS p42.9%

CVE-2025-0505CVE-2025-0505

Description

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.

Scoring

CVSS 3.110.0 (CRITICAL)
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
EPSS0.58% probability of exploitation · percentile 42.9% · 2026-06-19T12:03:05Z
Published2025-05-08
Last modified2026-04-15

Underlying weaknesses· 1

CWE-269

References

  1. https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115

1

TypeTargetConfidenceTier
WeaknessImproper Privilege Managementcwe-2690%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-0324
CVE
CVE-2025-0358
CVE
CVE-2025-61955
CVE
CVE-2025-54914
CVE
CVE-2025-53868
CVE
CVE-2025-1260
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.