CVE Catalog

CVE-2026-25620

MediumCVSS 6.0
Published: Updated: Translated: NVD NIST

Summary

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management. This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

Risk Assessment

This vulnerability may allow attackers to inject malicious commands, potentially leading to unauthorized access to the system. Organizations using the affected version should take immediate action to secure their systems.

Recommendation

It is recommended to upgrade to the latest software version to mitigate this vulnerability. A security audit should also be conducted to assess potential threats.

Original NVD description (English source)

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS