{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3456", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2025-04-08T21:38:05.413Z", "datePublished": "2025-08-25T20:02:48.722Z", "dateUpdated": "2025-08-25T20:31:54.730Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["EOS"], "product": "EOS", "vendor": "Arista Networks", "versions": [{"status": "affected", "version": "4.34.0F", "versionType": "custom"}, {"lessThanOrEqual": "4.33.3F", "status": "affected", "version": "4.33.0", "versionType": "custom"}, {"lessThanOrEqual": "4.32.5M", "status": "affected", "version": "4.32.0", "versionType": "custom"}, {"lessThanOrEqual": "4.31.7M", "status": "affected", "version": "4.31.0", "versionType": "custom"}, {"lessThanOrEqual": "4.30.10M", "status": "affected", "version": "4.30.0", "versionType": "custom"}, {"lessThanOrEqual": "4.29.10M", "status": "affected", "version": "4.29.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>In order to be vulnerable to CVE-2025-3456, the following condition must be met:</p><p>The global custom encryption key must be configured:</p><pre>switch#show running-config | sect management security\nmanagement security\n&nbsp; &nbsp;password encryption-key common custom &lt;key&gt;</pre><br>"}], "value": "In order to be vulnerable to CVE-2025-3456, the following condition must be met:\n\nThe global custom encryption key must be configured:\n\nswitch#show running-config | sect management security\nmanagement security\n\u00a0 \u00a0password encryption-key common custom <key>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.</span><br>"}], "value": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships."}], "impacts": [{"capecId": "CAPEC-545", "descriptions": [{"lang": "en", "value": "CAPEC-545: Pull Data from System Resources"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-08-25T20:02:48.722Z"}, "references": [{"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22022-security-advisory-0122"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">EOS User Manual: Upgrades and Downgrades</a></p><div>&nbsp;</div><div>CVE-2025-3456 has been fixed in the following releases:</div><ul><li>4.34.1F and later releases in the 4.34.x train</li><li>4.33.4M and later releases in the 4.33.x train</li><li>4.32.6M and later releases in the 4.32.x train</li><li>4.31.8M and later releases in the 4.31.x train</li></ul>"}], "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2025-3456 has been fixed in the following releases:\n\n * 4.34.1F and later releases in the 4.34.x train\n * 4.33.4M and later releases in the 4.33.x train\n * 4.32.6M and later releases in the 4.32.x train\n * 4.31.8M and later releases in the 4.31.x train"}], "source": {"advisory": "122", "defect": ["BUG1114420"], "discovery": "INTERNAL"}, "title": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience and afterwards rotate the custom global encryption-key.</span><br>"}], "value": "There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience and afterwards rotate the custom global encryption-key."}], "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-25T20:31:37.034026Z", "id": "CVE-2025-3456", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T20:31:54.730Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3456", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-25T20:31:37.034026Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-25T20:22:46.098Z"}}], "cna": {"title": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-c", "source": {"defect": ["BUG1114420"], "advisory": "122", "discovery": "INTERNAL"}, "impacts": [{"capecId": "CAPEC-545", "descriptions": [{"lang": "en", "value": "CAPEC-545: Pull Data from System Resources"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arista Networks", "product": "EOS", "versions": [{"status": "affected", "version": "4.34.0F", "versionType": "custom"}, {"status": "affected", "version": "4.33.0", "versionType": "custom", "lessThanOrEqual": "4.33.3F"}, {"status": "affected", "version": "4.32.0", "versionType": "custom", "lessThanOrEqual": "4.32.5M"}, {"status": "affected", "version": "4.31.0", "versionType": "custom", "lessThanOrEqual": "4.31.7M"}, {"status": "affected", "version": "4.30.0", "versionType": "custom", "lessThanOrEqual": "4.30.10M"}, {"status": "affected", "version": "4.29.0", "versionType": "custom", "lessThanOrEqual": "4.29.10M"}], "platforms": ["EOS"], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades \n\n\u00a0\n\nCVE-2025-3456 has been fixed in the following releases:\n\n * 4.34.1F and later releases in the 4.34.x train\n * 4.33.4M and later releases in the 4.33.x train\n * 4.32.6M and later releases in the 4.32.x train\n * 4.31.8M and later releases in the 4.31.x train", "supportingMedia": [{"type": "text/html", "value": "<p>The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades\">EOS User Manual: Upgrades and Downgrades</a></p><div>&nbsp;</div><div>CVE-2025-3456 has been fixed in the following releases:</div><ul><li>4.34.1F and later releases in the 4.34.x train</li><li>4.33.4M and later releases in the 4.33.x train</li><li>4.32.6M and later releases in the 4.32.x train</li><li>4.31.8M and later releases in the 4.31.x train</li></ul>", "base64": false}]}], "references": [{"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22022-security-advisory-0122"}], "workarounds": [{"lang": "en", "value": "There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience and afterwards rotate the custom global encryption-key.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">There is no known mitigation for the issue. The recommended resolution is to upgrade to a remediated software version at your earliest convenience and afterwards rotate the custom global encryption-key.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships.</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-532", "description": "CWE-532 Insertion of Sensitive Information into Log File"}]}], "configurations": [{"lang": "en", "value": "In order to be vulnerable to CVE-2025-3456, the following condition must be met:\n\nThe global custom encryption key must be configured:\n\nswitch#show running-config | sect management security\nmanagement security\n\u00a0 \u00a0password encryption-key common custom <key>", "supportingMedia": [{"type": "text/html", "value": "<p>In order to be vulnerable to CVE-2025-3456, the following condition must be met:</p><p>The global custom encryption key must be configured:</p><pre>switch#show running-config | sect management security\nmanagement security\n&nbsp; &nbsp;password encryption-key common custom &lt;key&gt;</pre><br>", "base64": false}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-08-25T20:02:48.722Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3456", "state": "PUBLISHED", "dateUpdated": "2025-08-25T20:31:54.730Z", "dateReserved": "2025-04-08T21:38:05.413Z", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "datePublished": "2025-08-25T20:02:48.722Z", "assignerShortName": "Arista"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS, the global common encryption key configuration may be logged in clear text, in local or remote accounting logs. Knowledge of both the encryption key and protocol specific encrypted secrets from the device running-config could then be used to obtain protocol specific passwords in cases where symmetric passwords are required between devices with neighbor protocol relationships."}], "id": "CVE-2025-3456", "lastModified": "2025-08-25T20:24:45.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 1.4, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-08-25T20:15:39.907", "references": [{"source": "[email protected]", "url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22022-security-advisory-0122"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-532"}], "source": "[email protected]", "type": "Secondary"}]}

{}