CVE-2025-0505 – “Arista CloudVision Zero Touch Provisioning Privilege Escalation”

May 8, 2025

CVE ID : CVE-2025-0505

Published : May 8, 2025, 7:16 p.m. | 56 minutes ago

Description : On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that CloudVision as-a-Service is not affected.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-8100 – Arista CloudVision Portal – Token Privilege Escalation

Next Article CVE-2024-11186 – Arista CloudVision Portal Elevated Privilege Access Vulnerability

1 Comment

zoritoler imol on August 11, 2025 11:40 AM

Hi there, simply was alert to your blog via Google, and located that it’s truly informative. I am going to be careful for brussels. I’ll appreciate if you happen to proceed this in future. A lot of other folks will be benefited out of your writing. Cheers!

Reply

Highlights

CVE-2025-3438 – WordPress WCFM Marketplace MStore API Privilege Escalation

May 2, 2025

CVE ID : CVE-2025-3438

Published : May 2, 2025, 6:15 a.m. | 1 hour, 5 minutes ago

Description : The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to register with the ‘wcfm_vendor’ role, which is a Store Vendor role in the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress. The vulnerability can only be exploited if the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin is installed and activated. The vulnerability was partially patched in version 4.17.3.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-0505 – “Arista CloudVision Zero Touch Provisioning Privilege Escalation”

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

1 Comment

NSO Group Fined $168M for Targeting 1,400 WhatsApp Users With Pegasus Spyware

CVE-2025-43596 – MSP360 Backup Escalation of Privileges Vulnerability

AIIMS ORBO Portal Vulnerability Leads to Massive Data Exposure

Xbox is bringing more games to “Stream Your Own Game” for Cloud Gaming — as well as a feature we’ve wanted for years

CVE-2025-3438 – WordPress WCFM Marketplace MStore API Privilege Escalation

VMware has quietly brought back a popular free product over a year after killing it off

CVE-2023-28910 – Skoda MIB3 Bluetooth Stack Assertion Bypass Vulnerability

What It’s Like to Build a Sales Career at Perficient

CVE-2025-0505 – “Arista CloudVision Zero Touch Provisioning Privilege Escalation”

Related Posts

1 Comment