CVE Catalog

CVE-2026-25622

MediumCVSS 6.0
Published: Updated: Translated: NVD NIST

Summary

A command injection vulnerability exists in the Captive Portal Custom Handler of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). An administrative account logged into the user interface can exploit this vulnerability to execute arbitrary platform shell commands.

Risk Assessment

This vulnerability could lead to unauthorized access to the system and execution of malicious code, posing a serious threat to the organization's security.

Recommendation

It is recommended to update the software to the latest version to mitigate this vulnerability and to monitor logs for potential exploitation attempts.

Original NVD description (English source)

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS