{"uuid": "1a049d35-6453-4701-8c72-bb022986e4e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-2172", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/19212", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-2172\n\ud83d\udd25 CVSS Score: 7.5 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)\n\ud83d\udd39 Description: Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames\n\ud83d\udccf Published: 2025-06-23T14:01:19.310Z\n\ud83d\udccf Modified: 2025-06-23T14:01:19.310Z\n\ud83d\udd17 References:\n1. https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025-0004.md\n2. https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-aviatrix-controller", "creation_timestamp": "2025-06-23T14:45:34.000000Z"}