CVEDB API

Vulnerabilities

Vulnerable Software

Arista: >> Ng Firewall >> 17.3 Security Vulnerabilities

CVE-2026-25624

An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.

CVSS Score

5.8

EPSS Score

0.0

Published

2026-06-05

CVE-2026-25622

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.

CVSS Score

7.0

EPSS Score

0.001

Published

2026-06-05

CVE-2026-25623

An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions.

CVSS Score

7.0

EPSS Score

0.001

Published

2026-06-05

Page 1

Vulnerabilities

Vulnerable Software

Arista: >> Ng Firewall >> 17.3 Security Vulnerabilities

Products

Pricing

Contact Us