CVE-2026-25621
Description
Arista NGFW Reports application has an insecure input validation vulnerability, allowing command injection for authenticated administrators.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
A Reports application vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed [1].
Exploitation
An attacker with administrative privileges logged into the user interface can exploit this vulnerability. The attacker needs network access to the firewall's administrative interface and must be authenticated [1].
Impact
Successful exploitation allows an attacker to inject commands, leading to potential disclosure of sensitive information, modification of data, and denial of service. The scope of the compromise is limited to the privileges of the authenticated administrative user [1].
Mitigation
This vulnerability is fixed in Arista NGFW version 17.4.0. No workarounds are disclosed in the available references. The advisory was initially released on February 3, 2026 [1].
AI Insight generated on Jun 5, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: =17.4.0
Patches (0)
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References (1)
News mentions (0)
No linked articles in our index yet.