CVE-2026-25621

Description

A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects version 17.4.0; earlier software releases are not exposed.

CVSS breakdown

CVSS 4.0

Attack Vector

Network

Attack Complexity

Low

Attack Requirements

None

Privileges Required

High

User Interaction

None

Confidentiality (Vulnerable System)

High

Integrity (Vulnerable System)

Low

Availability (Vulnerable System)

Low

Confidentiality (Subsequent System)

Low

Integrity (Subsequent System)

Low

Availability (Subsequent System)

Low

Scope

Physical

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

Affected products

Arista Networks / Arista Edge Threat Management - Arista Next Generation Firewall (NGFW)17.4.0 – 17.4.0

References

VENDOR_ADVISORYhttps://www.arista.com/en/support/advisories-notices/security-advisory/23399-security-advisory-0133