CVE-2026-25622 PUBLISHED

Arista Edge Threat Management NGFW Captive Portal Custom Handler Command Injection

Assigner: Arista
Reserved: 03.02.2026
Published: 05.06.2026
Updated: 05.06.2026

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/S:P
CVSS Score: 7

Product Status

Vendor: Arista Networks
Product: Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)
Versions (default: unaffected):
  • affected from 0 to 17.4.0 (incl.)

Affected Configurations

A successful attack requires an authenticated account with administrative access rights to the web user interface of the targeted NGFW deployment.

Workarounds

As a matter of operational security best practice, restrict access to the administrative web interface so that no unauthorized party can obtain administrative access to it.

Solutions

The recommended resolution is to upgrade to NGFW Version 17.4.1 at your earliest convenience.

Credits

  • Jon Williams & Ronan Kervella from Bishop Fox (finder)

Problem Types

  • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Impacts

  • CAPEC-88: OS Command Injection