CVE-2025-8870 PUBLISHED

On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.

Assigner: Arista
Reserved: 11.08.2025 Published: 14.11.2025 Updated: 14.11.2025

Metrics

CVSS Vector: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H
CVSS Score: 5.6

Product Status

Vendor Arista Networks
Product EOS
Versions Default: unaffected
  • Version 4.34.2FX is affected

Affected Configurations

In order to be vulnerable to CVE-2025-8870, both of the following conditions must be met:

  • An attacker must have a serial interface connection to the device, or the ability to access the console remotely via the console port. Network remote access does not cause this issue.

AND

  • Device must be using the Synopsys DesignWare serial model:

    #bash dmesg | grep "Synopsys DesignWare"
    [   1.287358] 10200000.serial: ttyS0 at MMIO 0x10200000 (irq = 15, base_baud = 15625000) is a Synopsys DesignWare
    [   1.287845] 10201000.serial: ttyS1 at MMIO 0x10201000 (irq = 164, base_baud = 15625000) is a Synopsys DesignWare
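
The release check from Product Status and the kernel-log check above can be combined into one triage step per device. This is an added example, not Arista's code: the function names are hypothetical, the EOS version string is supplied by the operator, and the third sample log line is constructed.

```shell
#!/bin/bash
# Added example: triage helper for CVE-2025-8870 (hypothetical function names).

# Constructed sample input: the two kernel log lines quoted in the advisory
# plus one made-up non-DesignWare UART line that must not match.
sample_dmesg() {
cat <<'EOF'
[   1.287358] 10200000.serial: ttyS0 at MMIO 0x10200000 (irq = 15, base_baud = 15625000) is a Synopsys DesignWare
[   1.287845] 10201000.serial: ttyS1 at MMIO 0x10201000 (irq = 164, base_baud = 15625000) is a Synopsys DesignWare
[   1.300000] serial8250: ttyS2 at I/O 0x3f8 (irq = 4, base_baud = 115200) is a 16550A
EOF
}

# Read dmesg text on stdin; print "ttySx mmio-address" for every serial port
# the kernel identified as Synopsys DesignWare.
designware_ports() {
    sed -n 's/.*\(ttyS[0-9][0-9]*\) at MMIO \(0x[0-9a-fA-F]*\).* is a Synopsys DesignWare.*/\1 \2/p'
}

# Succeed only for the release the advisory lists as affected.
# Everything else is "unaffected" by default; 4.35.0F and later carry the fix.
version_affected() {
    [ "$1" = "4.34.2FX" ]
}

# $1 = EOS version string, stdin = dmesg text. Prints one verdict line.
# "exposed" means both checkable conditions hold, so access to the listed
# console ports is what still needs to be restricted until the upgrade.
assess() {
    ports=$(designware_ports)
    if ! version_affected "$1"; then
        echo "not-affected-version"
    elif [ -z "$ports" ]; then
        echo "no-designware-uart"
    else
        # Unquoted on purpose: joins the port names onto one line.
        echo "exposed:" $(printf '%s\n' "$ports" | cut -d' ' -f1)
    fi
}

sample_dmesg | assess 4.34.2FX
```

On a real device, feed `assess` the saved output of `dmesg` together with the running EOS version instead of the sample.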

Workarounds

The mitigation is to limit access to the serial console.

Solutions

The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Arista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see EOS User Manual: Upgrades and Downgrades https://www.arista.com/en/um-eos/eos-upgrades-and-downgrades

CVE-2025-8870 has been fixed in the following releases:

  • 4.35.0F and later releases

Problem Types

  • CWE-248

Impacts

  • CAPEC-153 Input Data Manipulation