Latest Aviatrix Controller vulnerability

Mandiant disclosed two vulnerabilities in Aviatrix Controller, a Software-Defined Networking (SDN) solution, versions prior to 7.1.4208, 7.2.5090 and 8.0.0.

  • Failure to enforce rate limiting on password reset attempts allows an unauthenticated adversary to brute force the password reset feature. The password reset PIN is 6 digits and only valid for 15 minutes; however, the small key space gives the attack a high chance of success within that window. An administrative account can be targeted, and full account takeover is possible after a successful PIN brute force and password change. This vulnerability has been designated CVE-2025-2171 and has been rated high with a CVSS score of 7.8.
  • Failure to sanitize user input allows an authenticated adversary to perform operating system command injection by uploading a file with a partially controlled filename, resulting in an arbitrary file write. This allows an adversary to overwrite /etc/crontab and obtain remote code execution (RCE). This vulnerability has been designated CVE-2025-2172 and has been rated medium with a CVSS score of 6.6.
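As an added illustration of the first issue (this is example code written for this post, not code from the advisory or from Aviatrix), the verifier below enforces the 15-minute validity window the advisory describes and adds the control that was missing: a per-challenge attempt cap, after which the PIN is invalidated and a new one must be requested. The cap value MAX_ATTEMPTS and the class and method names are assumptions.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

PIN_TTL_SECONDS = 15 * 60   # from the advisory: PIN is valid for 15 minutes
PIN_KEY_SPACE = 10 ** 6     # 6-digit PIN
MAX_ATTEMPTS = 5            # assumption: lockout threshold per challenge


@dataclass
class ResetChallenge:
    pin: str
    issued_at: float
    attempts: int = 0


class PasswordResetService:
    """Rate-limited password-reset PIN flow (illustrative, in-memory)."""

    def __init__(self, clock=time.time):
        self._clock = clock          # injectable for testing expiry
        self._challenges = {}        # username -> ResetChallenge

    def issue_pin(self, username: str) -> str:
        # Fresh CSPRNG PIN; issuing a new one replaces any outstanding challenge.
        pin = f"{secrets.randbelow(PIN_KEY_SPACE):06d}"
        self._challenges[username] = ResetChallenge(pin, self._clock())
        return pin

    def verify_pin(self, username: str, candidate: str) -> bool:
        ch = self._challenges.get(username)
        if ch is None:
            return False
        if self._clock() - ch.issued_at > PIN_TTL_SECONDS:
            del self._challenges[username]      # expired: discard, do not count
            return False
        ch.attempts += 1
        if ch.attempts > MAX_ATTEMPTS:
            del self._challenges[username]      # too many guesses: invalidate PIN
            return False
        if hmac.compare_digest(ch.pin, candidate):
            del self._challenges[username]      # single use on success
            return True
        return False


def keyspace_coverage(requests_per_second: float) -> float:
    """Fraction of the 6-digit space an unthrottled guesser covers within the TTL."""
    return min(1.0, requests_per_second * PIN_TTL_SECONDS / PIN_KEY_SPACE)
```

With no attempt cap, keyspace_coverage shows how quickly the 15-minute window stops being a meaningful control; with the cap, at most MAX_ATTEMPTS guesses count against each issued PIN.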

What is the impact?

Successful exploitation of these vulnerabilities would allow an attacker to compromise an account and execute arbitrary code on the vulnerable system, potentially leading to complete system compromise.

Are any updates or workarounds available?

Aviatrix has released updates to mitigate these issues. Users are encouraged to update to the latest version as quickly as possible:

  • Update Aviatrix Controller to version 7.1.4208 or a later release
  • Update Aviatrix Controller to version 7.2.5090 or a later release
  • Update Aviatrix Controller to version 8.0.0 or a later release

How do I find Aviatrix Controller installations with runZero?

From the Service Inventory, use the following query to locate potentially impacted assets:

_asset.protocol:http AND protocol:http AND has:html.title AND html.title:="Aviatrix Controller"

Written by Matthew Kienow
