CVE-2026-25624

Summary

An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.

Affected Software

VendorProductVersion RangeStatus
Arista NetworksArista Edge Threat Management - Arista Next Generation Firewall (NGFW)0 <= 17.4.0affected

Weaknesses

  • CWE-79: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-Site Scripting')

Workarounds

Per operational best practice security models, do not allow unauthorized administrative access to the administrative browser.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References