CVE-2026-25624
MediumCVSS 5.7Summary
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.
Risk Assessment
This vulnerability could lead to the compromise of administrative accounts, posing a significant threat to the security of the system and organizational data.
Recommendation
It is recommended to update the software to the latest version and implement input validation mechanisms in the user interface.
Original NVD description (English source)
An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.

