CVE-2025-6980 is a vulnerability identified in Arista Networks' Edge Threat Management and Next Generation Firewall products, specifically related to the Captive Portal functionality. The flaw is classified under CWE-200, which involves the exposure of sensitive information to unauthorized actors. The vulnerability allows an unauthenticated attacker to remotely access sensitive data through the Captive Portal without requiring user interaction. According to the CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), the attack can be launched remotely over the network with low attack complexity, no privileges, and no user interaction, affecting confidentiality with high impact but no effect on integrity or availability. The affected versions are currently listed as '0.0', which likely indicates initial or early versions of the product. No patches have been published yet, and there are no known exploits in the wild. The vulnerability could allow attackers to gather sensitive information such as configuration details, user credentials, or network data exposed via the Captive Portal, potentially facilitating further attacks or unauthorized access. The lack of authentication and user interaction requirements significantly increases the risk profile. The vulnerability was reserved in July 2025 and published in October 2025, indicating recent discovery and disclosure. Given the critical role of Arista's firewall products in network security, this vulnerability represents a significant threat vector if left unmitigated.

For European organizations, the exposure of sensitive information through Arista's firewall Captive Portal can lead to serious confidentiality breaches. This may include leakage of network configurations, user authentication tokens, or other sensitive operational data, which attackers could exploit to escalate privileges or move laterally within networks. Critical infrastructure sectors such as finance, telecommunications, and government agencies that rely on Arista firewalls for perimeter defense are particularly vulnerable. The remote and unauthenticated nature of the exploit increases the likelihood of widespread scanning and exploitation attempts. The impact is heightened in environments where firewall management interfaces are exposed or insufficiently segmented. Data privacy regulations in Europe, such as GDPR, impose strict requirements on protecting sensitive data, and breaches resulting from this vulnerability could lead to regulatory penalties and reputational damage. Additionally, the exposure could undermine trust in network security controls, potentially disrupting business operations and incident response efforts.

Until an official patch is released by Arista Networks, European organizations should implement several specific mitigations: 1) Restrict network access to the Captive Portal interface by applying strict firewall rules and network segmentation to limit exposure only to trusted management networks. 2) Employ network monitoring and intrusion detection systems to detect anomalous access patterns or scanning activity targeting the Captive Portal. 3) Disable the Captive Portal feature if it is not essential for business operations to eliminate the attack surface. 4) Enforce strong access control policies and multi-factor authentication on management interfaces to reduce risk from any indirect exploitation paths. 5) Regularly audit firewall configurations and logs for signs of unauthorized access or data leakage. 6) Prepare for rapid deployment of patches by establishing a vulnerability management process that prioritizes this CVE. 7) Educate security teams about the vulnerability specifics to improve detection and response capabilities. These measures go beyond generic advice by focusing on controlling access to the vulnerable component and enhancing detection capabilities.