Vulnerability Details CVE-2026-25623
An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators can leverage this exposure to obtain underlying terminal script code processing execution permissions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.2%
CVSS Severity
CVSS v3 Score 6.0
References
Products affected by CVE-2026-25623
-
cpe:2.3:a:arista:ng_firewall:13.0.0
-
cpe:2.3:a:arista:ng_firewall:13.1.0
-
cpe:2.3:a:arista:ng_firewall:13.1.1
-
cpe:2.3:a:arista:ng_firewall:13.2.0
-
cpe:2.3:a:arista:ng_firewall:13.2.1
-
cpe:2.3:a:arista:ng_firewall:14.0.0
-
cpe:2.3:a:arista:ng_firewall:14.0.1
-
cpe:2.3:a:arista:ng_firewall:14.1.0
-
cpe:2.3:a:arista:ng_firewall:14.1.1
-
cpe:2.3:a:arista:ng_firewall:14.1.2
-
cpe:2.3:a:arista:ng_firewall:14.2.0
-
cpe:2.3:a:arista:ng_firewall:14.2.1
-
cpe:2.3:a:arista:ng_firewall:14.2.2
-
cpe:2.3:a:arista:ng_firewall:15.0.0
-
cpe:2.3:a:arista:ng_firewall:15.1
-
cpe:2.3:a:arista:ng_firewall:15.1.1
-
cpe:2.3:a:arista:ng_firewall:15.1.2
-
cpe:2.3:a:arista:ng_firewall:16.0
-
cpe:2.3:a:arista:ng_firewall:16.1
-
cpe:2.3:a:arista:ng_firewall:16.2
-
cpe:2.3:a:arista:ng_firewall:16.2.1
-
cpe:2.3:a:arista:ng_firewall:16.2.2
-
cpe:2.3:a:arista:ng_firewall:16.3
-
cpe:2.3:a:arista:ng_firewall:16.3.2
-
cpe:2.3:a:arista:ng_firewall:16.4
-
cpe:2.3:a:arista:ng_firewall:16.4.1
-
cpe:2.3:a:arista:ng_firewall:16.5
-
cpe:2.3:a:arista:ng_firewall:16.5.1
-
cpe:2.3:a:arista:ng_firewall:16.5.2
-
cpe:2.3:a:arista:ng_firewall:16.6
-
cpe:2.3:a:arista:ng_firewall:16.6.1
-
cpe:2.3:a:arista:ng_firewall:16.6.2
-
cpe:2.3:a:arista:ng_firewall:17.0
-
cpe:2.3:a:arista:ng_firewall:17.1
-
cpe:2.3:a:arista:ng_firewall:17.1.1
-
cpe:2.3:a:arista:ng_firewall:17.2
-
cpe:2.3:a:arista:ng_firewall:17.3
-
cpe:2.3:a:arista:ng_firewall:17.3.1
-
cpe:2.3:a:arista:ng_firewall:17.4