EXECUTIVE SUMMARY:
Arista Networks has issued a critical advisory for CVE-2025-0505, a Zero Touch Provisioning (ZTP) vulnerability in on-premises versions of CloudVision Portal and CloudVision CUE, carrying the maximum CVSS score of 10.0. The flaw is exposed in the default configuration, with no misconfiguration required, and allows attackers to escalate privileges to full administrative access, potentially compromising system integrity. CloudVision as-a-Service is unaffected; impacted versions include CloudVision Portal 2024.2.0–2024.3.0 and their corresponding CUE bundles. Arista urges customers to either upgrade to patched versions or disable ZTP using specific commands until patches are applied, and stresses that no active exploitation has been observed yet.
RECOMMENDATION:
We strongly recommend updating Arista Networks to the versions below:
REFERENCES:
The following reports contain further technical details: