• CVE-2025-6978 exposes command injection in Arista NG Firewall’s diagnostics component.
• Remote authenticated attackers can craft HTTP requests to execute arbitrary commands as root.
• Vulnerability discovered by Gereon Huppertz, reported through TrendAI Zero Day Initiative.
• Arista NG Firewall, formerly Untangle, is open-source and managed via web UI or JSON‑RPC API.
• Improper validation of user data in diagnostics allows injection of malicious commands.
• Patch is available; administrators should update firmware immediately to mitigate root‑level exploitation.
Article Summaries:
- Summary
TrendAI Research Services reported that a command‑injection flaw (CVE‑2025‑6978) in the Arista NG Firewall’s diagnostics component allows a remote, authenticated attacker to send crafted JSON‑RPC requests that execute arbitrary commands as the root user. The vulnerability stems from insufficient validation of user‑supplied data used in the runTroubleshooting() method. Originally discovered by Gereon Huppertz and disclosed through the TrendAI Zero Day Initiative, the issue has since been patched by Arista. The fix prevents attackers from exploiting the firewall’s root‑level execution capabilities.