CVE-2026-25622

CVE-2026-25622 affects Arista Edge Threat Management NGFW. A Captive Portal Custom Handler command injection exists where an administrative user logged into the UI can exploit input handling to execute arbitrary shell commands on the platform. Affected: NGFW versions up to 17.4.0 (per Arista advi...

CVE-2026-25622

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall NGFW. On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform...

Arista Edge Threat Management - Arista Next Generation Firewall 安全漏洞

Arista Edge Threat Management – Arista Next Generation Firewall is a unified network security platform developed by the American company Arista. It integrates next-generation firewalls, intrusion prevention, web filtering, application control, and network threat protection capabilities. There are...

PT-2026-47045

Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management - Arista Next Generation Firewall NGFW version 17.4.0 Description An encrypted password command injection vulnerability exists in the Captive Portal application framework. Command injection is a flaw that allows a...

Exploit for CVE-2025-6980

Arista NGFW Sensitive Information Disclosure Check Arista NGF...

Arista NG Firewall runTroubleshooting Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the...

Arista NG Firewall replace_marker Exposed Dangerous Function Authentication Bypass Vulnerability

This vulnerability allows remote attackers to to bypass authentication on affected installations of Arista NG Firewall. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handler.p...

Arista NG Firewall 安全漏洞

Arista NG Firewall is a WEB firewall from Arista USA. A security vulnerability exists in Arista NG Firewall that stems from multiple SQL injection vulnerabilities in the application...

Arista NG Firewall 安全漏洞

Arista NG Firewall is a WEB firewall from Arista USA. A security vulnerability exists in Arista NG Firewall that stems from an administrator's ability to configure insecure forced portal scripts...

Arista NG Firewall SQL注入漏洞

Arista NG Firewall is a WEB firewall from Arista USA. Arista NG Firewall suffers from a SQL injection vulnerability that stems from a lack of proper validation before constructing a SQL query using a user-supplied string, resulting in a SQL Injection Arbitrary File Read/Write vulnerability that...

Arista NG Firewall 安全漏洞

Arista NG Firewall is a WEB firewall from Arista USA. A security vulnerability exists in Arista NG Firewall that stems from incorrect authorization and allows a local attacker to elevate privileges...

Arista NG Firewall 路径遍历漏洞

Arista NG Firewall is a WEB firewall from Arista Corporation. A path traversal vulnerability exists in Arista NG Firewall that stems from a lack of proper validation before using user-supplied paths in file operations, resulting in a directory traversal remote code execution vulnerability that...

Arista NG Firewall 操作系统命令注入漏洞

Arista NG Firewall is a WEB firewall from Arista USA. Arista NG Firewall suffers from an operating system command injection vulnerability that stems from a lack of proper validation before executing a system call using a user-supplied string, resulting in a command injection remote code execution...

PT-2024-17749 · Arista · Arista Ng Firewall

Name of the Vulnerable Software and Affected Versions: Arista NG Firewall affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this issue. The specific flaw...

PT-2024-17751 · Arista · Arista Ng Firewall

Name of the Vulnerable Software and Affected Versions: Arista NG Firewall affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code...