← back
CVE-2025-2172

CVE-2025-2172

CVSS 6.6 MEDIUMEPSS 7.5%CWE-78
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.6EPSS 7.5%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
23 Jun 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
Affected products
Aviatrix · Controller

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controllerhttps://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0004.md