CNNVD-202506-2945 Information

Jun 23, 2025 cve

CNNVD ID

CNNVD-202506-2945

CVE-2025-2172

CNNVD Published: 2025-06-23

Description (Chinese)

Aviatrix Controller是美国Aviatrix公司的一个应用软件。用云提供商的API来扩展和控制本机结构，从而扩展其功能并将其集成到软件中。 Aviatrix Controller 7.1.4208之前版本、7.2.5090版本和8.0.0版本存在安全漏洞，该漏洞源于用户输入清理不足，可能导致命令注入。

Description (English)

Aviatrix Controller is an application of the United States company Aviatrix. The API of the cloud provider is used to expand and control the machine structure, thereby expanding its functionality and integrating it into the software. Aviatrix Controller 7.1.42008, 7.2.5090 and 8.0.0 have a security loophole, which stems from inadequate user input clean-up and may lead to command injection.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Aviatrix

Published

2025-06-23

Last Modified

2026-02-24

References

https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0004.md https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller https://access.redhat.com/security/cve/cve-2025-2172

Patch

https://aviatrix.com/

Share on: