CVE-2026-25621: Arista Edge Threat Management NGFW Reports Application Insecure Input Validation
Published Jun 5, 2026
·Updated
A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed.
Affected Software
2 affected components
Arista Arista Edge Threat Management (NGFW)=17.4.0
Arista NG Firewall=17.4
Remediation
Information
The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.
Event History
Jun 5, 2026
CVE Published
via MITRE·07:28 PM
Data Sourced
via MITRE·07:28 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·08:17 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-25621?
The severity of CVE-2026-25621 is classified as medium with a score of 6.
2
How do I fix CVE-2026-25621?
To fix CVE-2026-25621, upgrade to NGFW Version 17.4.1 as soon as possible.
3
What kind of input validation issue does CVE-2026-25621 represent?
CVE-2026-25621 represents an insecure input validation issue that can lead to OS command injection.
4
Which version of the software is affected by CVE-2026-25621?
CVE-2026-25621 uniquely affects version 17.4.0 of Arista Edge Threat Management NGFW.
5
Is CVE-2026-25621 present in earlier software releases?
No, earlier software releases before version 17.4.0 are not exposed to CVE-2026-25621.