CVE-2025-6978 – Arista NG Firewall Command Injection Vulnerability
“A trusted diagnostics tool can become a weapon, allowing attackers to execute commands directly on the firewall.”
This patch addresses a high-severity vulnerability (CVE-2025-6978) affecting Arista NG Firewall (formerly Untangle). The flaw exists in the diagnostics troubleshooting component, where improper validation of user-supplied input allows command injection through the system’s troubleshooting functionality.
An attacker with administrative or elevated privileges can send crafted requests to the diagnostics interface and inject shell commands into the underlying operating system. Successful exploitation can result in arbitrary command execution with root privileges, potentially allowing attackers to manipulate firewall behavior, access sensitive data, or disrupt network protection services. CVE-2025-6978 carries a CVSS v3.1 score of 7.2 (High).
Arista released a fix in NG Firewall version 17.4, which strengthens input validation in the diagnostics component and prevents malicious commands from being passed to the system shell.
Key Details
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- High
- User Interaction
- None
- CWE Classification
- CWE-78