CVE-2025-6188

On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://www.arista.com/en/support/advisories-notices/security-advisory/22021-security-advisory-0121

Configurations

No configuration.

History

27 Aug 2025, 15:15

Type	Values Removed	Values Added
CWE		CWE-290

26 Aug 2025, 13:41

Type	Values Removed	Values Added
Summary		(es) En las plataformas afectadas que ejecutan Arista EOS, EOS podría aceptar paquetes UDP maliciosos con el puerto de origen 3503. El puerto UDP 3503 está asociado con la respuesta de eco de LspPing. Esto puede provocar comportamientos inesperados, especialmente en servicios basados en UDP que no realizan ningún tipo de autenticación.

25 Aug 2025, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-25 21:15

Updated : 2025-08-27 15:15

NVD link : CVE-2025-6188

Mitre link : CVE-2025-6188

CVE.ORG link : CVE-2025-6188

JSON object : View

Products Affected

No product.

CWE

CWE-290

Authentication Bypass by Spoofing

7.5 /10