CVE-2026-25623 MEDIUM

CVE-2026-25623: Arista Edge Threat Management NGFW UI Arbitrary Command Execution

Vendor Arista Networks

Product Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)

Weakness CWE-78

Published June 5, 2026

Last update June 5, 2026

View on NVD All CVEs

CVSS base score

6.0/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions.

Key dates

02Disclosure timeline

June 5, 2026 CVE published

June 5, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-25623 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

Identifiers

CVE CVE-2026-25623

CWE CWE-78

CVSS 6.0 / MEDIUM

Affected versions