CVE-2025-5088

Vulnerability

An authenticated Redis session within Arista CloudVision Exchange (CVX) can be leveraged to gain full root access across all servers in the CVX cluster. This vulnerability affects CVX-based features, including Media Control Services (MCS). The issue arises because all Redis communication, including authentication, occurs over plaintext, and requires an attacker to possess network access to the Redis service and the Redis password [1]. This is tracked internally as BUG1140117 and is related to CWE-269: Improper Privilege Management.

Exploitation

An attacker must first have network access to the Redis service on a CVX server and obtain the Redis password. With these prerequisites met, the attacker can establish an authenticated Redis session. Since Redis communication is unencrypted, the attacker can then issue commands to escalate privileges and gain root access to all servers within the CVX cluster [1].

Impact

Successful exploitation of this vulnerability allows an attacker to obtain full root access to all servers in the CVX cluster. This grants the attacker complete control over the affected infrastructure, enabling them to perform any action with the highest level of privilege, including data modification, system compromise, and potential denial of service [1].

Mitigation

Arista has acknowledged this vulnerability, tracked as BUG1140117. Specific details regarding a patched version release date or a permanent fix are not yet disclosed in the available references. Users are advised to consult Arista's security advisories for future updates on mitigation strategies or patches [1]. TLS support for Redis is being tracked under RFE1294850.