PatchSiren cyber security CVE debrief

CVE-2026-25624 Arista Networks CVE debrief

CVE-2026-25624 is a MEDIUM severity vulnerability in Arista Edge Threat Management - Arista Next Generation Firewall. An administrative cross-site scripting (XSS) vulnerability exists in the dashboard layout of the web user interface. Unvalidated user-supplied variables are echoed back to administrative profiles, which allows injected script payloads to be processed in the web interface.

Vendor: Arista Networks
Product: Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)
CVSS: MEDIUM 5.8
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-05
Original CVE updated: 2026-06-08
Advisory published: 2026-06-05
Advisory updated: 2026-06-08

Who should care

Administrators and users of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) should be aware of this vulnerability.

Technical summary

The vulnerability has a CVSS score of 5.8 and is classified as CWE-79. The affected product is Arista NG Firewall, with versions prior to 17.4.1 being vulnerable.

Defensive priority

MEDIUM

Recommended defensive actions

  • Apply the patch or upgrade to a non-vulnerable version of Arista NG Firewall.
  • Refer to the vendor advisory for more information: [ref-4](https://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133)

Evidence notes

The CVE record and NVD detail can be found at: [cve-org](https://www.cve.org/CVERecord?id=CVE-2026-25624) and [nvd](https://nvd.nist.gov/vuln/detail/CVE-2026-25624).

Official resources

CVE-2026-25624 was published on 2026-06-05T20:17:31.160Z and modified on 2026-06-08T19:08:16.633Z.