← voltar
CVE-2025-2172

CVE-2025-2172

CVSS 6.6 MEDIUMEPSS 7.5%CWE-78
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Produtos afetados
Aviatrix · Controller

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controllerhttps://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0004.md