CVE-2026-25620

Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) version 17.4.0

Description An encrypted password command injection vulnerability exists in the Captive Portal application framework. Command injection is a flaw that allows an attacker to execute arbitrary operating system commands on the server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.