PatchSiren cyber security CVE debrief

CVE-2026-25621 Arista Networks CVE debrief

CVE-2026-25621 is a HIGH severity vulnerability in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). The vulnerability exists due to insecure input validation in the Reports application infrastructure, affecting version 17.4.0. Earlier software releases are not exposed. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.0.

Vendor: Arista Networks
Product: Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)
CVSS: HIGH 7
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-05
Original CVE updated: 2026-06-08
Advisory published: 2026-06-05
Advisory updated: 2026-06-08

Who should care

Administrators and users of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) version 17.4.0 should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability is caused by insecure input validation in the Reports application infrastructure of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue affects only version 17.4.0; earlier software releases are not exposed. The CVSS vector for this vulnerability is CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:P/AU:X/R:X/V:X/RE:X/U:X.

Defensive priority

HIGH

Recommended defensive actions

  • Apply the patch or update to a fixed version of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) as recommended by the vendor.
  • Refer to the vendor advisory for more information and mitigation strategies: [Arista Security Advisory 0133](https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133)

Evidence notes

The vulnerability is classified under CWE-78 (Improper Neutralization of Special Elements used in an OS Command, "OS Command Injection").

Official resources

CVE-2026-25621 was published on [2026-06-05](https://www.cve.org/CVERecord?id=CVE-2026-25621) and last modified on [2026-06-08](https://nvd.nist.gov/vuln/detail/CVE-2026-25621).