CVE-2026-25624
published 2026-06-05
CVE-2026-25624: An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next…
Priority: P421, medium, 4.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.15% (4.9th percentile)
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arista | ng_firewall | < 17.4.1 | 17.4.1 |
| arista_networks | arista_edge_threat_management_arista_next_generation_firewall | <= 17.4.0 | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| nvd | v4.0 | 5.8 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
VulDB
Arista Edge Threat Management up to 17.4.0 Web User Interface cross site scripting
vuldb·2026-06-06·CVSS 5.8
CVE-2026-25624 [MEDIUM] Arista Edge Threat Management up to 17.4.0 Web User Interface cross site scripting
A vulnerability classified as problematic was found in Arista Edge Threat Management up to 17.4.0. The affected element is an unknown function of the component Web User Interface. The manipulation results in cross site scripting.
This vulnerability is reported as CVE-2026-25624. The attack can be launched remotely. No exploit exists.
GHSA
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW).
ghsa_unreviewed·2026-06-05
CVE-2026-25624 [MEDIUM] CWE-79 An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW).
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2026-06-05