Critical Vulnerability Information

Vulnerability ID
MNDT-2025-0004

Description
Aviatrix Controller versions 7.1.4208, 7.2.5090, and 8.0.0 failed to sanitize user input before passing it to command-line utilities. By injecting a tab character, attackers can inject parameters into various binaries, leading to remote code execution.

Impact
High: An authenticated attacker can upload files with partially controlled filenames, enabling arbitrary file write operations, which can result in remote code execution on the server.

Exploitability
Low: The adversary must have access to a high-privilege account, such as an "admin" user. Using this account, they must install a new certificate with a tampered filename.

CVE ID
CVE-2025-2172

Common Weakness Enumeration
CWE-78: Improper Neutralization of Special Elements within OS Commands ('OS Command Injection')

Details
Aviatrix Controller allows authenticated users to upload files with arbitrary extensions, which are saved to disk. Various features in Aviatrix Controller use these uploaded files to perform operating system-level operations, passing the filenames to command-line utilities. By injecting a tab character into the uploaded file’s extension, attackers can bypass the parameter parser ( ) and inject unintended command-line arguments into tools such as . Specifically, this can be used to overwrite the contents of , leading to remote code execution.
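The Details above describe a tab character in an uploaded file's extension turning one filename into several command-line arguments. The following Python sketch is an added example, not Aviatrix or Mandiant code: it assumes a filter that rejects only spaces and a shlex-based tokenizer, and `cert-util`, `--in` and the sample filename are constructed placeholders.

```python
import re
import shlex

# Allow-list for stored upload names: starts alphanumeric, one short extension,
# no whitespace, control characters, path separators or leading '-'.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,63}\.[A-Za-z0-9]{1,8}")

# Constructed sample: a tab hidden in the extension, followed by a made-up flag.
CONSTRUCTED_NAME = "ca.pem\t--hypothetical-flag"


def weak_argv(tool: str, filename: str) -> list[str]:
    """Weak pattern (assumed): reject spaces only, then tokenize a string."""
    if " " in filename:
        raise ValueError("space in filename")
    # shlex treats tab as whitespace, so the text after it is a new argument.
    return shlex.split(f"{tool} --in {filename}")


def is_safe_upload_name(filename: str) -> bool:
    """True only when the whole name matches the allow-list."""
    return SAFE_NAME.fullmatch(filename) is not None


def hardened_argv(tool: str, filename: str) -> list[str]:
    """Validate, then build argv as a list that is never re-tokenized."""
    if not is_safe_upload_name(filename):
        raise ValueError(f"rejected upload name: {filename!r}")
    return [tool, "--in", filename]


def control_chars(filename: str) -> list[str]:
    """Detection helper: report whitespace/control characters in a name."""
    return [repr(c) for c in filename
            if c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F]


if __name__ == "__main__":
    print(weak_argv("cert-util", CONSTRUCTED_NAME))  # filename split in two
    print(control_chars(CONSTRUCTED_NAME))
    try:
        hardened_argv("cert-util", CONSTRUCTED_NAME)
    except ValueError as exc:
        print(exc)
```

The list returned by `hardened_argv` is meant to be handed to `subprocess.run` as-is, without `shell=True`, so no later stage splits the filename again.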

CVSS: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Remediation
The issue has been fixed in the following Aviatrix Controller versions:
- 8.0.0
- 7.2.5090
- 7.1.4208

Discoverer
Louis Dion-Marcil, Mandiant

Disclosure Timeline
- March 10, 2025: Initial report submitted to Aviatrix support desk
- March 12, 2025: Issue escalated to Aviatrix leadership
- March 12, 2025: Call with Aviatrix engineers and leadership to describe the issue
- March 31, 2025: Patch released to customers

References
- https://aviatrix.com/
- https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller
- https://www.cve.org/CVERecord?id=CVE-2025-2172