CVE-2025-2172
MEDIUM
Aviatrix Controller <7.1.4208-8.0.0 - Command Injection
Title source: llm
Description
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input before passing it to command-line utilities, allowing command injection via special characters in filenames.
References (2)
Various Sources third-party-advisory
https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0004.md
Various Sources technical-description
https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller
Scores
CVSS v4: 6.6
EPSS: 0.0129
EPSS Percentile: 79.8%
CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total
Details
CWE: CWE-78
Status: published
Products (3)
Aviatrix/Controller 7.1.4208
Aviatrix/Controller 7.2.5090
Aviatrix/Controller 8.0.0
Published: Jun 23, 2025
Tracked Since: Feb 18, 2026