CVE-2025-0936: CWE-256 in Arista Networks EOS

Medium
Tags: Vulnerability, CVE-2025-0936, cve, cve-2025-0936, cwe-256
Published: Wed May 07 2025 (05/07/2025, 22:52:25 UTC)
Source: CVE
Vendor/Project: Arista Networks
Product: EOS

Description

On affected platforms running Arista EOS with a gNMI transport enabled, running the gNOI File TransferToRemote RPC with credentials for a remote server may cause these remote-server credentials to be logged or accounted on the local EOS device or possibly on other remote accounting servers (i.e. TACACS, RADIUS, etc).

AI-Powered Analysis

Last updated: 07/05/2025, 07:24:53 UTC

Technical Analysis

CVE-2025-0936 is a medium-severity vulnerability affecting Arista Networks EOS (Extensible Operating System) versions 4.30.1F through 4.33.0. The vulnerability arises when the gNMI (gRPC Network Management Interface) transport is enabled and the gNOI (gRPC Network Operations Interface) File TransferToRemote RPC is used. Specifically, when credentials for a remote server are provided during this RPC operation, these sensitive credentials may be inadvertently logged or accounted on the local EOS device or potentially on other remote accounting servers such as TACACS or RADIUS. This behavior is linked to CWE-256, which involves the storage of sensitive information in an insecure manner. The vulnerability does not directly impact confidentiality through network interception but rather through improper handling and logging of credentials, which could be accessed by unauthorized users with access to logs or accounting servers. The CVSS 3.1 base score is 6.5, reflecting a medium severity with the vector indicating network attack vector (AV:N), low attack complexity (AC:L), requiring privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N). The key risk is the potential exposure of remote server credentials that could allow an attacker with access to logs or accounting servers to escalate privileges or move laterally within the network. No known exploits are currently reported in the wild, and no patches are linked yet, indicating that mitigation may rely on configuration changes or monitoring until a fix is released.

Potential Impact

For European organizations, especially those in sectors relying heavily on network infrastructure such as telecommunications, finance, and critical infrastructure, this vulnerability poses a risk of credential leakage through logging mechanisms. Exposure of remote server credentials could lead to unauthorized access to network devices or remote servers, potentially enabling attackers to manipulate network configurations or intercept sensitive data. Since the vulnerability requires privileges on the EOS device to exploit, the initial compromise vector may be limited, but insider threats or attackers who have already gained limited access could leverage this to escalate privileges or expand their foothold. The impact on integrity is significant, as unauthorized changes to network devices could disrupt operations or compromise data flows. The absence of confidentiality impact in the CVSS vector refers to network confidentiality, but the local logging of credentials still represents a confidentiality risk if logs are accessed by unauthorized personnel. European organizations with centralized logging or accounting servers (e.g., TACACS, RADIUS) are particularly at risk if these systems are not properly secured. The lack of user interaction required makes automated exploitation feasible once privileges are obtained. Overall, the vulnerability could facilitate lateral movement and privilege escalation within enterprise networks, increasing the risk of broader compromise.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should first audit and restrict access to EOS device logs and remote accounting servers to trusted personnel only, ensuring strict access controls and monitoring are in place. Disable gNMI transport if it is not required for operational purposes to reduce the attack surface. If gNMI transport and the gNOI File TransferToRemote RPC are necessary, implement strict credential management policies, such as using ephemeral or limited-scope credentials that minimize risk if logged. Monitor logs and accounting servers for any unexpected credential entries or anomalies that could indicate exploitation attempts. Network segmentation should be enforced to isolate management interfaces and accounting servers from general user networks. Additionally, organizations should engage with Arista Networks for updates or patches addressing this vulnerability and plan timely deployment once available. Employing multi-factor authentication and just-in-time privilege elevation on EOS devices can further reduce the risk of privilege abuse. Finally, consider encrypting logs and accounting data at rest and in transit to protect sensitive information from unauthorized access.
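The log monitoring recommended above can be approximated with a small scanner. This is an added example, not Arista's code or part of the advisory: it flags accounting records for the TransferToRemote RPC that carry a password field and returns a redacted copy. The record layout is constructed for illustration, and the field names `username`, `cleartext` and `hashed` are assumed to follow the gNOI Credentials message.

```python
import re

# Constructed sample records. The layout is an assumption; real EOS, TACACS+
# and RADIUS accounting formats differ, so adapt the patterns to your logs.
SAMPLE_LINES = [
    '2025-05-07T10:01:02Z sw1 acct user=netops rpc=/gnoi.file.File/TransferToRemote '
    'args=local_path:"/mnt/flash/core.tgz" remote_download:{path:"backup.example.net:/core.tgz" '
    'protocol:SFTP credentials:{username:"xfer" cleartext:"S3cr3t!"}}',
    '2025-05-07T10:05:40Z sw1 acct user=netops rpc=/gnoi.file.File/TransferToRemote '
    'args=local_path:"/mnt/flash/a.log" remote_download:{path:"10.0.0.5:/a.log" protocol:SCP}',
    '2025-05-07T10:09:11Z sw1 acct user=admin cmd="show running-config"',
    '2025-05-07T10:12:30Z sw2 acct user=ci rpc=/gnoi.file.File/TransferToRemote '
    'args=remote_download:{credentials:{username:"ci-push" hashed:{method:MD5 hash:"0f3a"}}}',
]

RPC_MARKER = "TransferToRemote"
# A password field followed by a quoted string, a {...} group, or a bare token.
SECRET = re.compile(
    r'\b(cleartext|hashed)(\s*[:=]\s*)("(?:[^"\\]|\\.)*"|\{[^{}]*\}|[^\s{}]+)'
)
REMOTE_USER = re.compile(r'\busername\s*[:=]\s*"([^"]*)"')


def scan(lines):
    """Return (findings, redacted_lines).

    findings: (line_number, remote_username, [secret field names]) for every
    TransferToRemote record that contains credential material.
    """
    findings, redacted = [], []
    for number, line in enumerate(lines, 1):
        if RPC_MARKER in line:
            fields = [m.group(1) for m in SECRET.finditer(line)]
            if fields:
                user = REMOTE_USER.search(line)
                findings.append((number, user.group(1) if user else None, fields))
                # Keep the field name so the record stays readable, drop the value.
                line = SECRET.sub(
                    lambda m: m.group(1) + m.group(2) + '"<redacted>"', line
                )
        redacted.append(line)
    return findings, redacted


if __name__ == "__main__":
    hits, clean = scan(SAMPLE_LINES)
    for number, user, fields in hits:
        print(f"line {number}: remote user {user!r} exposed via {fields}")
```

Each finding names a remote-server account whose password should be rotated, since the value has already been written to the log or accounting store.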


Technical Details

Data Version: 5.1
Assigner Short Name: Arista
Date Reserved: 2025-01-31T17:18:43.715Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9819c4522896dcbd86db

Added to database: 5/21/2025, 9:08:41 AM

Last enriched: 7/5/2025, 7:24:53 AM

Last updated: 7/31/2025, 11:49:03 AM
