#VU126177 OS Command Injection in Arista Edge Threat Management - Arista NG Firewall (NGFW) - CVE-2026-25622

 

Published: April 15, 2026


Vulnerability identifier: #VU126177
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-25622
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Arista Edge Threat Management - Arista NG Firewall (NGFW)
Software vendor:
Arista Networks

Description

The vulnerability allows a remote user to execute arbitrary commands.

The vulnerability exists due to command injection in the Captive Portal Custom Handler when handling crafted input in the NGFW user interface. A remote privileged user can submit crafted input to execute arbitrary commands.

Exploitation requires access to an administrative account logged into the NGFW user interface.


Remediation

Install the security update from the vendor's website.
