← volver
CVE-2025-2172

CVE-2025-2172

CVSS 6.6 MEDIUMEPSS 7.5%CWE-78
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Productos afectados
Aviatrix · Controller

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controllerhttps://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0004.md