CVE-2026-25624 MEDIUM

CVE-2026-25624: Arista Edge Threat Management NGFW UI Administrative Cross-Site Scripting

Vendor Arista Networks
Product Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)
Weakness CWE-79 · XSS
Published June 5, 2026
Last update June 5, 2026
View on NVD All CVEs

CVSS base score

5.7/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:L

What the vulnerability does

01Description

An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.

Key dates

02Disclosure timeline

June 5, 2026 CVE published
June 5, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-57932 WordPress PowerFolio Plugin <= 3.2.1 - Cross Site Scripting (XSS) Vulnerability CVE-2023-39918 WordPress Booking Package Plugin <= 1.6.01 is vulnerable to Cross Site Scripting (XSS) CVE-2025-47783 label-studio vulnerable to Cross-Site Scripting (Reflected) via the label_config parameter. CVE-2021-29460 Cross-site scripting (XSS) from unsanitized uploaded SVG files CVE-2024-9027 WPZOOM Shortcodes <= 1.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via box Shortcode