PT-2025-12843 · Arista · Arista NG Firewall

Gereon Huppertz · Published 2025-03-25 · Updated 2025-08-14 · CVE-2025-2767

CVSS v3.1: 9.6 Critical

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Arista NG Firewall (affected versions not specified)

Description

This issue allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall with minimal user interaction required. The flaw exists within the processing of the User-Agent HTTP header due to the lack of proper validation of user-supplied data, leading to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-2767
ZDI-25-181

Affected Products

Arista NG Firewall