CVE-2026-25624
Administrative XSS in Arista NGFW Web UI
Publication date: 2026-06-05
Last updated on: 2026-06-05
Assigner: Arista Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arista | edge_threat_management | * |
| arista | next_generation_firewall | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an administrative cross-site scripting (XSS) issue found in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). It occurs because user-supplied variables are not properly validated and are echoed back to administrative profiles, which allows malicious scripts to be executed within the administrative interface.
How can this vulnerability impact me? :
The vulnerability can allow attackers to execute malicious scripts in the context of administrative users. This can lead to unauthorized actions, data theft, or manipulation of firewall settings by exploiting the administrative interface, potentially compromising the security of the network protected by the firewall.