CVE-2026-25620
MediumCVSS 6.0Summary
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management. This issue uniquely affects version 17.4.0; earlier software releases are not exposed.
Risk Assessment
This vulnerability may allow attackers to inject malicious commands, potentially leading to unauthorized access to the system. Organizations using the affected version should take immediate action to secure their systems.
Recommendation
It is recommended to upgrade to the latest software version to mitigate this vulnerability. A security audit should also be conducted to assess potential threats.
Original NVD description (English source)
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

