CVE-2026-25623: Arista Edge Threat Management NGFW UI Arbitrary Command Execution
Published Jun 5, 2026
·Updated
An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions.
Affected Software
2 affected components
Arista Arista Edge Threat Management (NGFW)
Arista NG Firewall<17.4.1
Remediation
Information
The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.
Event History
Jun 5, 2026
CVE Published
via MITRE·07:31 PM
Data Sourced
via MITRE·07:31 PM
RemedyDescriptionSeverityWeakness
Data Sourced
via NVD·08:17 PM
DescriptionSeverityWeaknessAffected Software
Frequently Asked Questions
1
What is the severity of CVE-2026-25623?
CVE-2026-25623 has a severity rating of medium with a score of 6.
2
How do I fix CVE-2026-25623?
To resolve CVE-2026-25623, upgrade to NGFW Version 17.4.1.
3
What type of vulnerability is CVE-2026-25623?
CVE-2026-25623 is an input validation command execution vulnerability.
4
Who is affected by CVE-2026-25623?
CVE-2026-25623 affects authenticated administrators using Arista Edge Threat Management NGFW.
5
What could an attacker achieve by exploiting CVE-2026-25623?
Exploitation of CVE-2026-25623 could allow an attacker to execute terminal script code with elevated permissions.