CVE-2025-54549

MEDIUM5.9JSON export Create alert

Description

Cryptographic validation of upgrade images could be circumventing by dropping a specifically crafted file into the upgrade ISO

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

None

Integrity

High

Availability

None

Affected products

Arista Networks / DANZ Monitoring Fabric0 – 0
Arista Networks / DANZ Monitoring Fabric0 – DMF 8.6.1
Arista Networks / DANZ Monitoring Fabric0 – DMF 8.5.2
Arista Networks / DANZ Monitoring Fabric0 – CCF 6.2.4
Arista Networks / DANZ Monitoring Fabric0 – CVA 7.0
Arista Networks / DANZ Monitoring Fabric0 – MCD 2.4.0

References

VENDOR_ADVISORYhttps://www.arista.com/en/support/advisories-notices/security-advisory/22538-security-advisory-0124