Skip to main content

Arista NGFW CVE-2026-25623

| EUVD-2026-34909 HIGH
OS Command Injection (CWE-78)
2026-06-05 psirt@arista.com GHSA-q9j2-m53h-872m
Command Injection Ng Firewall
7.0
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
7.0 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
P

Lifecycle Timeline

1
Analysis Generated
Jun 05, 2026 - 20:35 vuln.today

DescriptionCVE.org

An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions.

AnalysisAI

Authenticated command injection in Arista Edge Threat Management Next Generation Firewall (NGFW) allows administrators with existing access to the browser management pipeline to break out and execute arbitrary terminal/shell script code on the underlying appliance OS. The flaw stems from insufficient input validation (CWE-78) within management-plane functionality and carries a CVSS 4.0 score of 7.0 with no public exploit identified at time of analysis. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain NGFW admin credentials
Delivery
Reach browser management interface
Exploit
Submit crafted input to vulnerable pipeline
Execution
Shell metacharacters injected into OS command
Persist
Execute arbitrary script as management process
Impact
Tamper with firewall policy and pivot
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid high-privilege administrator account on the Arista NGFW (CVSS PR:H) plus network reachability to the browser-based management interface, and the attacker must interact with the specific 'browser management pipeline' endpoint that fails to validate input before passing it to a shell/script interpreter. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Risk is moderate rather than critical. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who has obtained or phished an NGFW administrator credential - or a malicious insider with admin rights - logs into the browser management console and submits a crafted request to the vulnerable management pipeline whose parameters include shell metacharacters. The injected command runs as the underlying management process, giving the attacker an interactive foothold on the firewall to disable filtering rules, exfiltrate configuration and traffic captures, or pivot deeper into the network. …
Remediation Patch status from the available data is best described as: patch available per vendor advisory - consult Arista Security Advisory 0133 (https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133) for the exact fixed version and upgrade path, as no specific fix version was supplied in the input data and version numbers should not be invented. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24-hour: Inventory all Arista NGFW instances and document administrative access control lists; identify any non-essential administrative users or remote access. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-25623 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy