CVE-2025-25040

Name of the Vulnerable Software and Affected Versions AOS-CX versions 10.14.xxxx through 10.15.1000

Description A vulnerability has been identified in the port ACL functionality of AOS-CX software, which could allow an attacker to bypass ACL rules applied to routed ports on egress. This results in port ACLs not being correctly enforced, potentially leading to unauthorized traffic flow and violations of security policies. Egress VLAN ACLs and Routed VLAN ACLs are not affected by this issue.

Recommendations For AOS-CX version 10.14.xxxx, update to a version above 10.14.xxxx to resolve the issue. For AOS-CX version 10.15.xxxx, update to a version above 10.15.1000 to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable port ACL functionality until a patch is available.