CVE-2025-2767 – Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution

April 23, 2025

CVE ID : CVE-2025-2767

Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago

Description : Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Minimal user interaction is required to exploit this vulnerability.

The specific flaw exists within the processing of the User-Agent HTTP header. The issue results from the lack of proper validation of user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24407.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2763 – CarlinKit CPC200-CCPA Cryptographic Signature Verification Bypass Code Execution Vulnerability

Next Article CVE-2025-28025 – TOTOLINK Router Buffer Overflow Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

I tested the Hexgears DeathStrike GK760 mechanical keyboard, and it has one tremendous downside

The Division 2 Battle for Brooklyn has a launch date, and it’s sooner than you think

Xbox Cloud Gaming is now available on LG TVs, letting players stream games like The Elder Scrolls 4: Oblivion Remastered

“This is everything I’ve ever dreamed of.” I can’t believe Oblivion Remastered players already have it working in VR — here’s the mod they’re using

The 2025 Work Trend Index Annual Report: The Year the Frontier Firm Is Born

The 2025 Work Trend Index Annual Report: The Year the Frontier Firm Is Born

My journey from Webpack to Vite and finally Rsbuild

What’s the point of Headless?

I tested the Hexgears DeathStrike GK760 mechanical keyboard, and it has one tremendous downside

I tested the Hexgears DeathStrike GK760 mechanical keyboard, and it has one tremendous downside

The Division 2 Battle for Brooklyn has a launch date, and it’s sooner than you think

Xbox Cloud Gaming is now available on LG TVs, letting players stream games like The Elder Scrolls 4: Oblivion Remastered

CVE-2025-2767 – Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

1000+ Unique IPs Attacking Ivanti Connect Secure Systems to Exploit Vulnerabilities

HPE Performance Cluster Manager Vulnerability Allow Remote Attacker to Bypass Authentication

JavaScript Essentials

Chinese Hackers Use GHOSTSPIDER Malware to Hack Telecoms Across 12+ Countries

How To Use Chrome’s Developer Tools

The Rise of Agentic Retrieval-Augmented Generation (RAG) in Artificial Intelligence AI

Automate database user management with AWS Lambda and AWS Systems Manager

It Made Me Feel Broke Drake Gold Coast 2025 Shirt

Configure Amazon Q Business with AWS IAM Identity Center trusted identity propagation

CVE-2025-2767 – Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution

Related Posts