CVE Catalog

CVE-2026-25624

MediumCVSS 5.7
Published: Updated: Translated: NVD NIST

Summary

An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.

Risk Assessment

This vulnerability could lead to the compromise of administrative accounts, posing a significant threat to the security of the system and organizational data.

Recommendation

It is recommended to update the software to the latest version and implement input validation mechanisms in the user interface.

Original NVD description (English source)

An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated user-supplied variables are echoed back to administrative profiles, facilitating vector payload processing behavior controls.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS