Authentication Bypass in Arista Captive Portal
CVE-2025-6979

8.8HIGH

Key Information:

Vendor: Arista Networks
Status: Arista Edge Threat Management - Arista Next Generation Firewall
Vendor: CVE Published:; 23 October 2025

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2025-6979?

The Captive Portal by Arista Networks is susceptible to an issue that could allow attackers to bypass authentication controls. This vulnerability poses significant risks, as unauthorized access could lead to security breaches within network environments. It's crucial for users to stay informed about this risk and apply necessary updates to their systems to mitigate potential exploitation.

Affected Version(s)

Arista Edge Threat Management - Arista Next Generation Firewall 0.0 <= 17.3.1

References

https://https://www.arista.com/en/support/advisories-noti...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2025
Vulnerability Reserved
Jul 1, 2025

Credit

Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6979

JSON