Cyber Resilience

CVE-2025-1259

High

Published: 04 March 2025

Published
04 March 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS Score 0.0025 49.0th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-1259 is a high-severity Improper Access Control (CWE-284) vulnerability in Arista EOS (inferred from references). Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device Configuration Dump (T1602.002); ranked at the 49.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-1259 affects Arista EOS platforms with OpenConfig configured, where a gNOI request can be executed even when it should be rejected. This improper access control vulnerability, classified under CWE-284, enables users to retrieve data that is not intended to be available to them. The issue carries a CVSS v3.1 base score of 7.7 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N), highlighting high confidentiality impact with network accessibility and low attack complexity.

Exploitation requires low privileges (PR:L) over the network without user interaction. A malicious authenticated user can send a gNOI request that circumvents rejection logic, achieving scoped high-impact unauthorized data disclosure from the affected EOS instance.

Arista has issued a security advisory providing details on mitigations and patches at https://www.arista.com/en/support/advisories-notices/security-advisory/21098-security-advisory-0111. Security practitioners should consult this for specific remediation steps.

EU & UK References

Vulnerability details

On affected platforms running Arista EOS with OpenConfig configured, a gNOI request can be run when it should have been rejected. This issue can result in users retrieving data that should not have been available

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1602.002 Network Device Configuration Dump Collection
Adversaries may access network configuration files to collect sensitive data about the device and the network.
Why these techniques?

Improper access control in gNOI allows low-priv authenticated users to bypass rejection logic and retrieve unauthorized data from the network device, directly enabling network device configuration/state data collection.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-35177Shared CWE-284
CVE-2026-48898Shared CWE-284
CVE-2025-29315Shared CWE-284
CVE-2025-55261Shared CWE-284
CVE-2026-39339Shared CWE-284
CVE-2026-28855Shared CWE-284
CVE-2026-46839Shared CWE-284
CVE-2025-27646Shared CWE-284
CVE-2026-25519Shared CWE-284
CVE-2026-25176Shared CWE-284

Affected Assets

Arista
EOS
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces approved authorizations for logical access, addressing the core failure to reject unauthorized gNOI requests in Arista EOS OpenConfig.

prevent

Requires identification, reporting, and correction of flaws like the improper access control in gNOI request handling, enabling patching per Arista advisory.

prevent

Limits privileges to the minimum necessary, mitigating unauthorized data disclosure by low-privileged (PR:L) users exploiting the gNOI vulnerability.

References