#VU126178 OS Command Injection in Arista Edge Threat Management - Arista NG Firewall (NGFW) - CVE-2026-25623

 


Published: April 15, 2026


Vulnerability identifier: #VU126178
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-25623
CWE-ID: CWE-78
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Arista Edge Threat Management - Arista NG Firewall (NGFW)
Software vendor:
Arista Networks

Description

The vulnerability allows a remote user to execute arbitrary commands.

The vulnerability exists due to command injection in an unspecified command execution functionality when handling crafted input in the NGFW user interface. A remote privileged user can submit crafted input to execute arbitrary commands.

Exploitation requires access to an administrative account logged into the NGFW user interface.


Remediation

Install the security update from the vendor's website.

External links