
Security Advisory 0117

Date: May 6, 2025

Revision | Date | Changes
---|---|---
1.0 | May 6, 2025 | Initial release

The CVE-ID tracking this issue: CVE-2025-0936

CVSSv3.1 Base Score: 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

Common Weakness Enumeration: CWE-256: Plaintext Storage of a Password

This vulnerability is being tracked by BUG 1045796

Description

On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device, or possibly on other remote accounting servers (for example TACACS or RADIUS).

Arista is not aware of any malicious uses of this issue in customer networks.

Vulnerability Assessment

Affected Software

EOS Versions

- 4.33.0F and 4.33.1F
- 4.32.3M and below releases in the 4.32.x train
- 4.31.5M and below releases in the 4.31.x train
- From 4.30.1F through 4.30.9M in the 4.30.x train

Affected Platforms

The following products are affected by this vulnerability:

Arista EOS-based products:

- 710 Series
- 720D Series
- 720XP/722XPM Series
- 750X Series
- 7010 Series
- 7010X Series
- 7020R Series
- 7130 Series running EOS
- 7150 Series
- 7160 Series
- 7170 Series
- 7050X/X2/X3/X4 Series
- 7060X/X2/X4/X5/X6 Series
- 7250X Series
- 7260X/X3 Series
- 7280E/R/R2/R3 Series
- 7300X/X3 Series
- 7320X Series
- 7358X4 Series
- 7368X4 Series
- 7388X5 Series
- 7500E/R/R2/R3 Series
- 7800R3/R4 Series
- 7700R4 Series
- AWE 5000 Series
- AWE…
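As an added example (not Arista's code and not part of the advisory), this Python check matches EOS version strings against the affected ranges listed in this advisory and reports devices that also have a gNMI transport enabled. The inventory, hostnames and field names are constructed, and comparing only the first three version components is a conservative assumption rather than a statement from the advisory.

```python
import re

# Affected ranges from the advisory text: (train, lowest, highest), inclusive.
# "and below" entries are taken to start at the .0 release of that train.
AFFECTED_RANGES = [
    ((4, 33), (4, 33, 0), (4, 33, 1)),   # 4.33.0F and 4.33.1F
    ((4, 32), (4, 32, 0), (4, 32, 3)),   # 4.32.3M and below in 4.32.x
    ((4, 31), (4, 31, 0), (4, 31, 5)),   # 4.31.5M and below in 4.31.x
    ((4, 30), (4, 30, 1), (4, 30, 9)),   # 4.30.1F through 4.30.9M
]

# Leading numeric part of an EOS version such as "4.32.3M" or "4.31.5.1M";
# anything after it (release letter, build suffix) is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+(?:\.\d+){2,3})")

def parse_eos_version(text):
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised EOS version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def in_listed_range(version):
    """True if the version falls in a range listed in the advisory.

    Assumption: only major.minor.patch is compared, so 4.32.3.1M is
    conservatively reported like 4.32.3M. False means "not listed above",
    not "confirmed fixed".
    """
    parsed = parse_eos_version(version)
    for train, low, high in AFFECTED_RANGES:
        if parsed[:2] == train:
            return low <= parsed[:3] <= high
    return False

def exposed_devices(inventory):
    """Hostnames in a listed range that also have a gNMI transport enabled."""
    return [d["host"] for d in inventory
            if d["gnmi_enabled"] and in_listed_range(d["version"])]

# Constructed inventory; hostnames and field names are hypothetical.
SAMPLE_INVENTORY = [
    {"host": "leaf1", "version": "4.32.3M", "gnmi_enabled": True},
    {"host": "leaf2", "version": "4.32.3M", "gnmi_enabled": False},
    {"host": "spine1", "version": "4.30.9M", "gnmi_enabled": True},
    {"host": "spine2", "version": "4.32.4M", "gnmi_enabled": True},
]

if __name__ == "__main__":
    print(exposed_devices(SAMPLE_INVENTORY))
```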