CVE-2026-25620: ng firewall vulnerability

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not...
CVE-2026-25620CVSS 7.0Firewall

CVE-2026-25620: ng firewall vulnerability

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not...

CVSS
7.0 HIGH
EPSS
95.12%
Known exploited
not in KEV
Product
ng firewall

What is known

An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

Sources