CVE-2026-25622EPSS p95.1%

CVE-2026-25622CVE-2026-25622

arista / ng_firewall

Description

A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logged into the user interface can exploit this input handling behavior to execute arbitrary platform shell commands.

Scoring

CVSS 6.0 ()
VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
EPSS10.24% probability of exploitation · percentile 95.1% · 2026-06-19T12:03:05Z
Last modified2026-06-08

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2026-25623
CVE
CVE-2026-25620
CVE
CVE-2026-25624
CVE
CVE-2026-25621
CVE
CVE-2025-2767
CVE
CVE-2025-20265
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.