PT-2026-47047 · Arista Networks · Arista Edge Threat Management - Arista Next Generation Firewall
Published
2026-06-05
·
Updated
2026-06-05
·
CVE-2026-25622
CVSS v3.1
6.0
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L |
A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arista Edge Threat Management - Arista Next Generation Firewall