Sensitive Information Exposure in Arista's Captive Portal
CVE-2025-6980

7.5HIGH

Key Information:

Vendor: Arista Networks
Status: Arista Edge Threat Management - Arista Next Generation Firewall
Vendor: CVE Published:; 23 October 2025

🔔 Create Arista Networks Vulnerability Alert

What is CVE-2025-6980?

Arista's Captive Portal may inadvertently expose sensitive information due to improper handling of user data. This vulnerability can lead to unauthorized access to confidential data, demanding immediate attention to safeguard user privacy and strengthen security measures.

Affected Version(s)

Arista Edge Threat Management - Arista Next Generation Firewall 0.0 <= 17.3.1

References

https://https://www.arista.com/en/support/advisories-noti...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2025
Vulnerability Reserved
Jul 1, 2025

Credit

Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6980

JSON