← back
CVE-2025-2172

CVE-2025-2172

CVSS 6.6 MEDIUMEPSS 7.5%CWE-78
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected products
Aviatrix · Controller

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controllerhttps://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0004.md