CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-25620

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 37.0%

CVSS Severity

CVSS v3 Score 6.0

References

https://www.arista.com/en/support/advisories-notices/security-advisory/22867-security-advisory-0133

Products affected by CVE-2026-25620

Arista » Ng Firewall » Version: 17.4

cpe:2.3:a:arista:ng_firewall:17.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25620

Products

Pricing

Contact Us