Platform: other
Component: cloudvision-portal
Fixed in: 2024.2.2, 2024.3.1
CVE-2025-0505 is a critical vulnerability in Arista CloudVision Portal that affects on-premise deployments (virtual or physical). An attacker who can use Zero Touch Provisioning against an affected portal is granted administrative privileges beyond what provisioning requires, and can then query and manipulate the state of the portal and of the devices it manages. Affected releases are 2024.2.0 through 2024.3.0; the fix ships as 2024.2.2 for the 2024.2 train and 2024.3.1 for the 2024.3 train.
The flaw is in the Zero Touch Provisioning (ZTP) feature of CloudVision Portal. ZTP exists to onboard unconfigured devices, and in the affected releases a party using it receives administrative privileges well beyond what onboarding needs. An attacker in a position to drive ZTP against the portal therefore bypasses the normal access controls and can query and change the state of CloudVision and of every device it manages: pushing configuration changes, reading device data, or taking complete control of those devices. The blast radius is the whole inventory managed by the affected instance, which is why the issue is rated critical. CloudVision as-a-Service is not affected; only on-premise deployments are.
CVE-2025-0505 was publicly disclosed on May 8, 2025. At the time of writing there are no reports of exploitation in the wild, the CVE is not in the CISA KEV catalog, and no public proof-of-concept exploit is known. The low EPSS score below reflects that absence of observed activity; it does not lower the priority, because the impact is administrative control over every device the portal manages. Treat the upgrade as urgent and watch Arista's advisory and threat-intelligence feeds for changes in exploit status.
Exploit Status
EPSS: 0.30% (53rd percentile)
The fix for CVE-2025-0505 is to upgrade Arista CloudVision Portal to a fixed release: 2024.2.2 or later on the 2024.2 train, or 2024.3.1 or later. Back up the CloudVision Portal configuration before upgrading so you can roll back if the upgrade fails. If an immediate upgrade is not feasible, reduce exposure in the meantime by disabling Zero Touch Provisioning or restricting which networks and users can reach it, since ZTP is the path through which the excessive privileges are granted. Follow the upgrade instructions in Arista's security advisory. After upgrading, confirm that every instance reports a fixed version, and, because the flaw allowed administrative actions outside the normal access controls, review the exposure window for unexpected configuration changes on managed devices or unexpected administrative activity in the portal.
Update CloudVision Portal to 2024.2.2 or later (2024.2 train) or to 2024.3.1 or later; any release earlier than those within 2024.2.0 through 2024.3.0 remains vulnerable. See the Arista advisory for the patched versions and upgrade instructions. This removes the Zero Touch Provisioning behaviour that grants unauthorized administrator privileges.
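To turn the affected and fixed versions above into a repeatable check across a fleet of CloudVision Portal instances, here is an added Python example written for this page (it is not Arista tooling). It encodes only the facts the advisory states: on-premise 2024.2.0 through 2024.3.0 is affected, the fixes are 2024.2.2 and 2024.3.1 on their respective trains, and CloudVision as-a-Service is unaffected. The inventory at the bottom is constructed sample data with made-up hostnames; how you obtain each instance's running version string is deployment-specific and is left as an input.

```python
"""Triage CVE-2025-0505 exposure across a CloudVision Portal (CVP) inventory.

Added example for this page, not Arista code.  It encodes only what the
advisory states: on-premise CVP 2024.2.0 through 2024.3.0 is affected,
fixed in 2024.2.2 (2024.2 train) and 2024.3.1 (2024.3 train), and
CloudVision as-a-Service is not affected.
"""
from __future__ import annotations

import re

Version = tuple[int, int, int]

# Advisory facts as data, so the comparison logic stays reusable.
FIRST_AFFECTED: Version = (2024, 2, 0)
LAST_AFFECTED: Version = (2024, 3, 0)
# Fix release per (year, train).  A train inside the affected range with
# no entry here is treated as still affected (fail closed).
FIXED_IN: dict[tuple[int, int], Version] = {
    (2024, 2): (2024, 2, 2),
    (2024, 3): (2024, 3, 1),
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Parse 'YYYY.T.P'; a trailing build suffix such as '-1' is ignored."""
    m = _VERSION_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognised CVP version string: {text!r}")
    year, train, patch = (int(g) for g in m.groups())
    return (year, train, patch)


def is_affected(version: str, on_prem: bool = True) -> bool:
    """True if this CVP instance is in the CVE-2025-0505 affected range."""
    if not on_prem:  # CloudVision as-a-Service is not affected
        return False
    v = parse_version(version)
    if v < FIRST_AFFECTED or v > LAST_AFFECTED:
        return False
    fix = FIXED_IN.get(v[:2])  # fix release for this instance's own train
    return fix is None or v < fix


def recommended_fix(version: str) -> str:
    """Lowest fixed release for the instance's train, or '' if not affected."""
    if not is_affected(version):
        return ""
    fix = FIXED_IN.get(parse_version(version)[:2])
    if fix is None:
        return "any release later than " + ".".join(map(str, LAST_AFFECTED))
    return ".".join(map(str, fix))


def triage(inventory: dict[str, tuple[str, bool]]) -> dict[str, str]:
    """Map each host needing action to the release it must reach.

    inventory: host -> (version string, on_prem flag).  Unparseable
    versions are reported rather than silently skipped.
    """
    actions: dict[str, str] = {}
    for host, (version, on_prem) in sorted(inventory.items()):
        try:
            affected = is_affected(version, on_prem)
        except ValueError:
            actions[host] = "version unreadable; verify manually"
            continue
        if affected:
            actions[host] = recommended_fix(version)
    return actions


# Constructed sample inventory; hostnames are made up.
SAMPLE_INVENTORY: dict[str, tuple[str, bool]] = {
    "cvp-dc1.example.internal": ("2024.2.1", True),
    "cvp-dc2.example.internal": ("2024.3.0-1", True),
    "cvp-lab.example.internal": ("2024.2.2", True),
    "cvp-legacy.example.internal": ("2024.1.3", True),
    "cvp-broken.example.internal": ("unknown", True),
    "cvaas-tenant": ("2024.3.0", False),
}

if __name__ == "__main__":
    for host, action in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {action}")
```

The check is deliberately train-aware: 2024.2.2 sorts below 2024.3.0 but is a fixed release, so a naive "less than 2024.3.1" comparison would flag it as vulnerable. Unknown version strings are surfaced for manual verification rather than dropped, so a host with a broken inventory record cannot disappear from the report.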
CVE-2025-0505 is a critical vulnerability in Arista CloudVision Portal versions 2024.2.0–2024.3.0. It allows attackers to escalate privileges through Zero Touch Provisioning, potentially gaining control over managed devices. The CVSS score is 10 (CRITICAL).
If you are running Arista CloudVision Portal versions 2024.2.0 through 2024.3.0 on an on-premise deployment, you are potentially affected. CloudVision as-a-Service is not impacted.
Upgrade Arista CloudVision Portal to 2024.2.2 or later (2024.2 train) or to 2024.3.1 or later. Back up your configuration before upgrading to allow for rollback if needed.
There is currently no evidence of active exploitation in the wild, but the critical severity suggests potential for future exploitation.
Refer to the official Arista CloudVision security advisory for detailed information and upgrade instructions. Check the Arista support website for the latest advisory.