CVE-2025-6980 - Vulnerability Details - OpenCVE

Captive Portal can expose sensitive information

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Exploitation none

Automatable yes

Technical Impact partial

No data.

No data.

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

The recommended resolution is to upgrade to the version indicated below at your earliest convenience. * 17.4 Upgrade

Workaround

Do not allow non-authorized administrative access or access to the administrative browser.

References

Link	Providers
https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123

History

Thu, 23 Oct 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 23 Oct 2025 19:00:00 +0000

Type	Values Removed	Values Added
Description		Captive Portal can expose sensitive information
Title		Captive Portal can expose sensitive information
Weaknesses		CWE-200
References		https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}`

MITRE

Status: PUBLISHED

Assigner: Arista

Published: 2025-10-23T18:41:47.326Z

Updated: 2025-10-23T18:59:58.995Z

Reserved: 2025-07-01T16:53:05.372Z

Link: CVE-2025-6980

Vulnrichment

Updated: 2025-10-23T18:59:55.716Z

NVD

Status : Received

Published: 2025-10-23T19:15:51.667

Modified: 2025-10-23T19:15:51.667

Link: CVE-2025-6980

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6980", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "state": "PUBLISHED", "assignerShortName": "Arista", "dateReserved": "2025-07-01T16:53:05.372Z", "datePublished": "2025-10-23T18:41:47.326Z", "dateUpdated": "2025-10-23T18:59:58.995Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Arista Edge Threat Management - Arista Next Generation Firewall", "vendor": "Arista Networks", "versions": [{"lessThanOrEqual": "17.3.1", "status": "affected", "version": "0.0", "versionType": "custom"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<h4>1) CVE-2025-6980 (ZDI-CAN-27006) - Captive Portal can expose sensitive information</h4><div><b>Required Configuration for Exploitation</b></div><div> </div><div>If the Captive Portal application is installed and enabled, the systems are vulnerable.</div><div> </div><div>To access this information:</div><ol><li>As the NGFW administrator, log into the UI and navigate to the Captive Portal application.</li><li>If the Captive Portal application is not installed, the system is not vulnerable.</li><li>If Captive Portal is not enabled, the system is not vulnerable.</li></ol><p><img alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-1.png\"></p><p>The above shows Captive Portal as enabled.</p><h4>Indicators of Compromise</h4><div>No evidence of compromise exists.</div><div> </div><h4>Mitigation</h4><p>Disable Captive Portal.</p><div>As the NGFW administrator, log into the UI and navigate to the Captive Portal application.</div><ol><li>If the Captive Portal application is not installed, the system is not vulnerable.</li><li>If Captive Portal is not enabled, the system is not vulnerable.</li><li>Move the Enabled slider to disabled.</li><li>Click Save</li><li>Disable Captive Portal.</li></ol><p><img alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-2.png\"></p><div> </div><h4>2) CVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypass</h4><div><b>Required Configuration for Exploitation</b></div><div> </div><div>If the Captive Portal application is installed and enabled, the systems are vulnerable.</div><div> </div><div>To access this information:</div><ol><li>As the NGFW administrator, log into the UI and navigate to the Captive Portal application.</li><li>If the Captive Portal application is not installed, the system is not vulnerable.</li><li>If Captive Portal is not enabled, the system is not vulnerable.</li></ol><p><img alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-1.png\"></p><h4>Indicators of Compromise</h4><p>No evidence of compromise exists.</p><h4>Mitigation</h4><p>Disable Captive Portal.</p><div>As the NGFW administrator, log into the UI and navigate to the Captive Portal application.</div><ol><li>If the Captive Portal application is not installed, the system is not vulnerable.</li><li>If Captive Portal is not enabled, the system is not vulnerable.</li><li>Move the Enabled slider to disabled.</li><li>Click Save</li><li>Disable Captive Portal.</li></ol><p><img alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-2.png\"></p><h4>3) CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerability</h4><p><b>Required Configuration for Exploitation</b></p><ol><li>A successful attack requires administrative access to the NGFW UI.</li></ol><br>"}], "value": "1) CVE-2025-6980 (ZDI-CAN-27006) - Captive Portal can expose sensitive informationRequired Configuration for Exploitation\n\n\u00a0\n\nIf the Captive Portal application is installed and enabled, the systems are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n\n\nThe above shows Captive Portal as enabled.\n\nIndicators of CompromiseNo evidence of compromise exists.\n\n\u00a0\n\nMitigationDisable Captive Portal.\n\nAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n * Move the Enabled slider to disabled.\n * Click Save\n * Disable Captive Portal.\n\n\n\u00a0\n\n2) CVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypassRequired Configuration for Exploitation\n\n\u00a0\n\nIf the Captive Portal application is installed and enabled, the systems are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n\n\nIndicators of CompromiseNo evidence of compromise exists.\n\nMitigationDisable Captive Portal.\n\nAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n * Move the Enabled slider to disabled.\n * Click Save\n * Disable Captive Portal.\n\n\n3) CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerabilityRequired Configuration for Exploitation\n\n * A successful attack requires administrative access to the NGFW UI."}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:arista_networks:arista_edge_threat_management_-_arista_next_generation_firewall:*:*:*:*:*:*:*:*", "versionEndIncluding": "17.3.1", "versionStartIncluding": "0.0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6980"}], "datePublic": "2025-10-21T15:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Captive Portal can expose sensitive information</span><br>"}], "value": "Captive Portal can expose sensitive information"}], "impacts": [{"capecId": "CAPEC-410", "descriptions": [{"lang": "en", "value": "CAPEC-410 Information Elicitation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-10-23T18:41:47.326Z"}, "references": [{"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>The recommended resolution is to upgrade to the version indicated below at your earliest convenience.</p><ul><li>17.4 Upgrade</li></ul>"}], "value": "The recommended resolution is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.4 Upgrade"}], "source": {"advisory": "123", "defect": ["NGFW-15197"], "discovery": "EXTERNAL"}, "title": "Captive Portal can expose sensitive information", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Do not allow non-authorized administrative access or access to the administrative browser.</span><br>"}], "value": "Do not allow non-authorized administrative access or access to the administrative browser."}], "x_generator": {"engine": "Vulnogram 0.4.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-23T18:59:53.166328Z", "id": "CVE-2025-6980", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-23T18:59:58.995Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6980", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-23T18:59:53.166328Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-23T18:59:55.716Z"}}], "cna": {"title": "Captive Portal can expose sensitive information", "source": {"defect": ["NGFW-15197"], "advisory": "123", "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Arista would like to acknowledge and thank Gereon Huppertz working with Trend Zero Day Initiative for reporting CVE-2025-6980"}], "impacts": [{"capecId": "CAPEC-410", "descriptions": [{"lang": "en", "value": "CAPEC-410 Information Elicitation"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Arista Networks", "product": "Arista Edge Threat Management - Arista Next Generation Firewall", "versions": [{"status": "affected", "version": "0.0", "versionType": "custom", "lessThanOrEqual": "17.3.1"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "The recommended resolution is to upgrade to the version indicated below at your earliest convenience.\n\n * 17.4 Upgrade", "supportingMedia": [{"type": "text/html", "value": "<p>The recommended resolution is to upgrade to the version indicated below at your earliest convenience.</p><ul><li>17.4 Upgrade</li></ul>", "base64": false}]}], "datePublic": "2025-10-21T15:00:00.000Z", "references": [{"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/22535-security-advisory-0123"}], "workarounds": [{"lang": "en", "value": "Do not allow non-authorized administrative access or access to the administrative browser.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Do not allow non-authorized administrative access or access to the administrative browser.</span><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.4.0"}, "descriptions": [{"lang": "en", "value": "Captive Portal can expose sensitive information", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Captive Portal can expose sensitive information</span><br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "configurations": [{"lang": "en", "value": "1) CVE-2025-6980 (ZDI-CAN-27006) - Captive Portal can expose sensitive informationRequired Configuration for Exploitation\n\n\u00a0\n\nIf the Captive Portal application is installed and enabled, the systems are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n\n\nThe above shows Captive Portal as enabled.\n\nIndicators of CompromiseNo evidence of compromise exists.\n\n\u00a0\n\nMitigationDisable Captive Portal.\n\nAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n * Move the Enabled slider to disabled.\n * Click Save\n * Disable Captive Portal.\n\n\n\u00a0\n\n2) CVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypassRequired Configuration for Exploitation\n\n\u00a0\n\nIf the Captive Portal application is installed and enabled, the systems are vulnerable.\n\n\u00a0\n\nTo access this information:\n\n * As the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n\n\nIndicators of CompromiseNo evidence of compromise exists.\n\nMitigationDisable Captive Portal.\n\nAs the NGFW administrator, log into the UI and navigate to the Captive Portal application.\n\n * If the Captive Portal application is not installed, the system is not vulnerable.\n * If Captive Portal is not enabled, the system is not vulnerable.\n * Move the Enabled slider to disabled.\n * Click Save\n * Disable Captive Portal.\n\n\n3) CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerabilityRequired Configuration for Exploitation\n\n * A successful attack requires administrative access to the NGFW UI.", "supportingMedia": [{"type": "text/html", "value": "<h4>1) CVE-2025-6980 (ZDI-CAN-27006) - Captive Portal can expose sensitive information</h4><div><b>Required Configuration for Exploitation</b></div><div> </div><div>If the Captive Portal application is installed and enabled, the systems are vulnerable.</div><div> </div><div>To access this information:</div><ol><li>As the NGFW administrator, log into the UI and navigate to the Captive Portal application.</li><li>If the Captive Portal application is not installed, the system is not vulnerable.</li><li>If Captive Portal is not enabled, the system is not vulnerable.</li></ol><p><img alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-1.png\"></p><p>The above shows Captive Portal as enabled.</p><h4>Indicators of Compromise</h4><div>No evidence of compromise exists.</div><div> </div><h4>Mitigation</h4><p>Disable Captive Portal.</p><div>As the NGFW administrator, log into the UI and navigate to the Captive Portal application.</div><ol><li>If the Captive Portal application is not installed, the system is not vulnerable.</li><li>If Captive Portal is not enabled, the system is not vulnerable.</li><li>Move the Enabled slider to disabled.</li><li>Click Save</li><li>Disable Captive Portal.</li></ol><p><img alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-2.png\"></p><div> </div><h4>2) CVE-2025-6979 (ZDI-CAN-27007) - Captive Portal can allow authentication bypass</h4><div><b>Required Configuration for Exploitation</b></div><div> </div><div>If the Captive Portal application is installed and enabled, the systems are vulnerable.</div><div> </div><div>To access this information:</div><ol><li>As the NGFW administrator, log into the UI and navigate to the Captive Portal application.</li><li>If the Captive Portal application is not installed, the system is not vulnerable.</li><li>If Captive Portal is not enabled, the system is not vulnerable.</li></ol><p><img alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-1.png\"></p><h4>Indicators of Compromise</h4><p>No evidence of compromise exists.</p><h4>Mitigation</h4><p>Disable Captive Portal.</p><div>As the NGFW administrator, log into the UI and navigate to the Captive Portal application.</div><ol><li>If the Captive Portal application is not installed, the system is not vulnerable.</li><li>If Captive Portal is not enabled, the system is not vulnerable.</li><li>Move the Enabled slider to disabled.</li><li>Click Save</li><li>Disable Captive Portal.</li></ol><p><img alt=\"Captive Portal as enabled\" src=\"https://www.arista.com/assets/images/article/SA-123-2.png\"></p><h4>3) CVE-2025-6978 (ZDI-CAN-27310) - Diagnostics command injection vulnerability</h4><p><b>Required Configuration for Exploitation</b></p><ol><li>A successful attack requires administrative access to the NGFW UI.</li></ol><br>", "base64": false}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arista_networks:arista_edge_threat_management_-_arista_next_generation_firewall:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "17.3.1", "versionStartIncluding": "0.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "shortName": "Arista", "dateUpdated": "2025-10-23T18:41:47.326Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6980", "state": "PUBLISHED", "dateUpdated": "2025-10-23T18:59:58.995Z", "dateReserved": "2025-07-01T16:53:05.372Z", "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7", "datePublished": "2025-10-23T18:41:47.326Z", "assignerShortName": "Arista"}, "dataVersion": "5.1"}