Detections
Analytics
CVE-2025-2172
medium
Description
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames
References
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0004.md
https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller
Details
Published: 2025-06-23
Updated: 2025-06-23
Risk Information
CVSS v2
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: High
CVSS v3
Base Score: 9.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: Critical
CVSS v4
Base Score: 6.6
Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Severity: Medium
EPSS
EPSS: 0.00294