CVE-2026-25622
Published 2026-06-05
Priority: P3 50 | medium 6 | CVSS 3.1
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
EPSS: 10.24% (95.1th percentile)
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista | ng_firewall | < 17.4.1 | 17.4.1 |
| arista_networks | arista_edge_threat_management_arista_next_generation_firewall | <= 17.4.0 | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.0 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L |
| nvd | v4.0 | 7.0 | HIGH | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X |
VulDB
Arista Edge Threat Management up to 17.4.0 User Interface os command injection
vuldb·2026-06-06·CVSS 7.0
CVE-2026-25622 [HIGH] Arista Edge Threat Management up to 17.4.0 User Interface os command injection
A vulnerability was found in Arista Edge Threat Management up to 17.4.0 and classified as critical. The impacted element is an unknown function of the component User Interface. Such manipulation leads to os command injection.
This vulnerability is uniquely identified as CVE-2026-25622. The attack can be launched remotely. No exploit exists.
GHSA
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW).
ghsa_unreviewed·2026-06-05
CVE-2026-25622 [HIGH] CWE-78 A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW).
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-05