Command Injection Vulnerability in Arista Product
CVE-2025-6978

7.2HIGH

Key Information:

Vendor: Arista Networks
Status: Arista Edge Threat Management - Arista Next Generation Firewall
Vendor: CVE Published:; 23 October 2025

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2025-6978?

A command injection vulnerability has been identified in Arista network switches, allowing attackers to execute arbitrary commands on affected devices through the diagnostics interface. This flaw can lead to severe security risks, enabling unauthorized access and potential manipulation of the system. Proper measures should be implemented to mitigate the impact of this vulnerability, ensuring the security of network operations.

Affected Version(s)

Arista Edge Threat Management - Arista Next Generation Firewall 0.0 <= 17.3.1

References

https://https://www.arista.com/en/support/advisories-noti...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2025
Vulnerability Reserved
Jul 1, 2025

Credit

Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6978

JSON