CVE-2025-2767 – Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution

April 23, 2025

CVE ID : CVE-2025-2767

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability.

The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2763 – CarlinKit CPC200-CCPA Cryptographic Signature Verification Bypass Code Execution Vulnerability

Next Article CVE-2025-28025 – TOTOLINK Router Buffer Overflow Vulnerability

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

Is Lenovo’s refreshed LOQ tower enough to compete? New OLED monitors raise the stakes at IFA 2025

External Forces Reshaping Financial Services in 2025 and Beyond

External Forces Reshaping Financial Services in 2025 and Beyond

Why It’s Time to Move from SharePoint On-Premises to SharePoint Online

Apple’s Big Move: The Future of Mobile

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

Lenovo Legion Go 2 specs unveiled: The handheld gaming device to watch this October

As Windows 10 support ends, users weigh costly extended security program against upgrading to Windows 11

Lenovo’s Legion Glasses 2 update could change handheld gaming

CVE-2025-2767 – Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

TOR-Based Cryptojacking Attack Expands Through Misconfigured Docker APIs

Invisible UX Friction

VideoDubber’s YouTube Copyright Checker

CVE-2025-1048 – Sonos Era 300 Speaker SMB Use-After-Free Remote Code Execution Vulnerability

CVE-2025-38164 – VirtualBox F2FS Inconsistent Segment Type

“The original Mass Effect trilogy was absolutely an inspiration.” The RPG experts behind WH40K: Rogue Trader are hitting it big with ‘The Expanse: Osiris Reborn’

CVE-2025-46241 – Codepeople Appointment Booking Calendar CSRF-Enabled SQL Injection

CVE-2025-32963 – MinIO Operator STS Unauthenticated Kubernetes API Server Impersonation Vulnerability

Step by Step Coding Guide to Build a Neural Collaborative Filtering (NCF) Recommendation System with PyTorch

CVE-2025-2767 – Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution

Related Posts