QSearchQSearch

CVE-2025-5090

6.5 MEDIUM

CVX is not resilient to unexpected messages from a connected switch

Published: 2026-06-05 · Last updated: 2026-06-05

Severity and scoring

CVSS
6.5 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE
CWE-20

Description

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service (DoS) scenario. Note that this would require the attacker to have a high privilege access to the connected switch to be able to send custom TCP packets to the CVX.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2026-47370 A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain... (9.9 CRITICAL)
  • CVE-2026-47369 A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in certain... (9.9 CRITICAL)
  • CVE-2026-47367 A malicious actor with access to the network and low privileges could exploit an Improper Input Validation vulnerability found in UID Ent... (9.9 CRITICAL)
  • CVE-2026-12034 Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote at... (8.3 HIGH)
  • CVE-2026-12025 Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromi... (5.3 MEDIUM)