CVE-2025-2172

UNKNOWN 0.0

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames

CWE	CWE-78
Vendor	aviatrix
Product	controller
Published	Jun 23, 2025
Last Updated	Feb 26, 2026

Stay Ahead of the Next One

Get instant alerts for aviatrix controller

Be the first to know when new unknown vulnerabilities affecting aviatrix controller are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Aviatrix / Controller

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0004.md cloud.google.com: https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller