CNNVD-202506-2943 Information

Jun 23, 2025 cve

CNNVD ID

CNNVD-202506-2943

CVE-2025-2171

CNNVD Published: 2025-06-23

Description (Chinese)

Aviatrix Controller是美国Aviatrix公司的一个应用软件。用云提供商的API来扩展和控制本机结构，从而扩展其功能并将其集成到软件中。 Aviatrix Controller 7.1.4208之前版本、7.2.5090版本和8.0.0版本存在安全漏洞，该漏洞源于密码重置PIN未实施速率限制，可能导致暴力破解。

Description (English)

Aviatrix Controller is an application of the United States company Aviatrix. The API of the cloud provider is used to expand and control the machine structure, thereby expanding its functionality and integrating it into the software. Aviatrix Contractor 7.1.42008, 7.2.5090 and 8.0.0 have a security loophole, which stems from the failure to implement speed limits for re-enacting PIN passwords, which may lead to violent breakdowns.

Hazard Level

Low

Vulnerability Type

其他

Affected Vendor

Aviatrix

Published

2025-06-23

Last Modified

2026-02-24

References

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0003.md https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller https://access.redhat.com/security/cve/cve-2025-2171

Patch

https://aviatrix.com/

Share on: