
Arista Networks has issued a critical security advisory for a newly discovered vulnerability, CVE-2025-0505, rated with a maximum CVSS score of 10.0. The flaw affects on-premise deployments of CloudVision Portal and CloudVision CUE, and stems from how the Zero Touch Provisioning (ZTP) feature is implemented.
“Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary,” the advisory explains. This elevated access could allow a malicious actor to manipulate or query device system states under CloudVision’s management.
Fortunately, CloudVision as-a-Service (CVaaS) is not affected.
The vulnerability impacts the following on-premise software versions:
- CloudVision Portal 2024.2.0, 2024.2.1, and 2024.3.0
- All corresponding CV-CUE (CloudVision Cognitive Unified Edge) versions bundled with the above
“CloudVision Portal, virtual appliance or physical appliance” and “CloudVision CUE, virtual appliance or physical appliance” are explicitly listed as affected platforms.
What makes CVE-2025-0505 particularly dangerous is that ZTP is enabled by default, so no additional misconfiguration is needed for an affected system to be exposed.
“There are no configuration settings specific to this vulnerability,” Arista notes. Any deployment running the affected versions with ZTP active is therefore immediately exposed.
If exploited, the flaw could allow attackers—potentially even rogue insiders or compromised automation devices—to escalate their privileges to full administrative access.
Administrators are encouraged to inspect the ZTP interface for anomalies: “Suspicious or unexpected device serial numbers… such as a device serial that the customer does not own or that was not provisioned using ZTP,” could indicate malicious registration activity.
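One way to turn that guidance into a repeatable check, as an added example that is not Arista's code and not taken from the advisory: the script below reconciles a constructed export of ZTP registrations against an owned-device inventory (both data formats are assumptions, not a CloudVision file format) and flags the two anomaly types the advisory names, serials the customer does not own and devices that were not meant to be provisioned via ZTP, plus duplicate serials and hostname collisions as supporting signals.

```python
# Added example (not from the advisory or Arista's tooling): flag anomalous ZTP
# device registrations by reconciling them against an owned-device inventory.
# The record layouts below are assumed; feed it whatever the ZTP view exports.
from collections import Counter, defaultdict

# Constructed sample of what an operator might export from the ZTP interface.
ZTP_REGISTRATIONS = [
    {"serial": "SN-OWNED-0001", "hostname": "leaf1", "ts": "2025-04-01T10:00:00Z"},
    {"serial": "SN-OWNED-0002", "hostname": "leaf2", "ts": "2025-04-01T10:05:00Z"},
    {"serial": "SN-OWNED-0003", "hostname": "spine1", "ts": "2025-04-01T10:07:00Z"},
    {"serial": "SN-UNKNOWN-9999", "hostname": "leaf1", "ts": "2025-04-02T03:14:00Z"},
    {"serial": "SN-OWNED-0001", "hostname": "leaf1b", "ts": "2025-04-02T03:20:00Z"},
]

# Constructed asset inventory: serial -> how the device was meant to be provisioned.
INVENTORY = {
    "SN-OWNED-0001": "ztp",
    "SN-OWNED-0002": "ztp",
    "SN-OWNED-0003": "manual",  # staged by hand; should never show up in ZTP
}


def find_ztp_anomalies(registrations, inventory):
    """Return a list of (serial, reason) tuples for registrations to investigate."""
    findings = []
    serial_counts = Counter(r["serial"] for r in registrations)
    serials_per_host = defaultdict(set)
    for reg in registrations:
        serial = reg["serial"]
        serials_per_host[reg["hostname"]].add(serial)
        expected = inventory.get(serial)
        if expected is None:
            # Serial the customer does not own: the advisory's primary indicator.
            findings.append((serial, "serial not in owned inventory"))
        elif expected != "ztp":
            # Owned device, but it was never supposed to be provisioned via ZTP.
            findings.append((serial, f"expected '{expected}' provisioning, not ZTP"))
    for serial, count in serial_counts.items():
        if count > 1:
            findings.append((serial, f"serial registered {count} times"))
    for host, serials in serials_per_host.items():
        if len(serials) > 1:
            for serial in sorted(serials):
                findings.append((serial, f"hostname '{host}' claimed by {len(serials)} serials"))
    return findings


if __name__ == "__main__":
    for serial, reason in find_ztp_anomalies(ZTP_REGISTRATIONS, INVENTORY):
        print(f"{serial}: {reason}")
```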
For customers unable to immediately upgrade, Arista offers a mitigation strategy: disable the ZTP component until a patched version can be deployed.
These commands will fully deactivate the ZTP process across CloudVision nodes. To re-enable after patching:
Arista recommends upgrading to one of the following versions, which include the patch for CVE-2025-0505:
- 2024.2.2 and later in the 2024.2.x train
- 2024.3.1 and later in the 2024.3.x train
Full upgrade instructions are available in the Arista CloudVision Upgrade Guide.
Though Arista reports no known malicious exploitation of this vulnerability, the CVSS 10 rating and default-enabled nature of ZTP underscore the urgency of addressing this flaw.