PatchSiren cyber security CVE debrief
CVE-2026-25620 Arista Networks CVE debrief
An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue affects only version 17.4.0; earlier software releases are not exposed. The vulnerability has a CVSS score of 7 and is classified as HIGH.
- Vendor: Arista Networks
- Product: Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)
- CVSS: HIGH 7
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-05
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-05
- Advisory updated: 2026-06-08
Who should care
Administrators and users of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) version 17.4.0 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). It is caused by an encrypted password command injection issue. The CVSS score is 7, indicating HIGH severity.
Defensive priority
HIGH
Recommended defensive actions
- Apply the patch or update to a fixed version of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) as recommended by the vendor.
- Refer to the vendor advisory for more information and mitigation strategies. [ref-4]
Evidence notes
The information provided is based on the CVE record and the National Vulnerability Database (NVD) details.
Official resources
- CVE-2026-25620 CVE record (CVE.org)
- CVE-2026-25620 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference ([email protected] - Vendor Advisory, Mitigation)
CVE-2026-25620 was published on 2026-06-05T20:17:30.447Z and modified on 2026-06-08T19:15:23.813Z.