CVE-2025-6978

Published Oct 23, 2025

Last updated 3 months ago

CVSS high 7.2

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-6978 describes a command injection vulnerability found in the Arista NG Firewall. This flaw stems from insufficient validation of user-supplied data within the diagnostics component of the firewall. A remote, authenticated attacker can exploit this vulnerability by sending specially crafted requests to the target server. Successful exploitation could enable the attacker to execute arbitrary commands with the privileges of the root user. The vulnerability is categorized under CWE-78, indicating an "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')".

Description
Diagnostics command injection vulnerability
Source
psirt@arista.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

psirt@arista.com
CWE-78

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. Top 5 Trending CVEs: 1 - CVE-2026-21509 2 - CVE-2025-55182 3 - CVE-2025-6978 4 - CVE-2025-8088 5 - CVE-2025-62203 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    6 Feb 2026

    128 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 『Successful exploitation could result in arbitrary command execution under the security context of the root user.』 CVE-2025-6978: Arbitrary Code Execution in the Arista NG Firewall https://t.co/FLUNOBwBnc

    @autumn_good_35

    6 Feb 2026

    426 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    1 Reply

    0 Quotes

  3. CVE-2025-6978: Arbitrary Code Execution in the #Arista NG Firewall - our researchers took a deep dive into this recently patched RCE to provide root cause and detection guidance. Read all the details at https://t.co/aJdPG5bS3E

    @thezdi

    5 Feb 2026

    5308 Impressions

    13 Retweets

    59 Likes

    23 Bookmarks

    0 Replies

    1 Quote

  4. CVE-2025-6978 (CVSS:7.2, HIGH) is Awaiting Analysis. Diagnostics command injection vulnerability..https://t.co/zhHguHxZGT #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre

    @cracbot

    28 Oct 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-6978 Diagnostics command injection vulnerability https://t.co/BxOMwTwFhz

    @CVEnew

    23 Oct 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.