CVE-2025-0505 - Common Vulnerabilities and Exposures https://www.hacktheforum.com/common-vulnerabilities-and-exposures/cve-2025-0505/ Hack The Forum Discussion Board en Sat, 18 Apr 2026 09:19:42 +0000 wpForo 60 CVE-2025-0505 https://www.hacktheforum.com/common-vulnerabilities-and-exposures/cve-2025-0505/#post-20043 Fri, 20 Feb 2026 22:55:45 +0000 Description

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.

Affected Software

CloudVision Portal Versions
  • 2024.2.0 and 2024.2.1
  • 2024.3.0

 

Affected Platforms

The following products are affected by this vulnerability:
  • CloudVision Portal, virtual appliance or physical appliance
  • CloudVision CUE, virtual appliance or physical appliance

Mitigation

The ZTP component on CloudVision (on-premise) can be disabled by running the following on any of the nodes of the CloudVision deployment.

cvpi disable ztp
cvpi stop ztp

The following command can be used to verify that the component is stopped:

cvpi status ztp
 
Executing command. This may take some time...
Completed 1/1 discovered actions
primary  components total:1 running:0 disabled:1

 

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. 

 
CVE-2025-0505 has been fixed in the following releases:
      • 2024.2.2 and later releases in the 2024.2.x train
      • 2024.3.1 and later releases in the 2024.3.x train

References

https://www.arista.com/en/support/advisories-notices/security-advisory/21315-security-advisory-0115

https://nvd.nist.gov/vuln/detail/CVE-2025-0505

]]> Common Vulnerabilities and Exposures kajal https://www.hacktheforum.com/common-vulnerabilities-and-exposures/cve-2025-0505/#post-20043