Aviatrix

Two critical vulnerabilities in Aviatrix Controller allowed attackers to bypass authentication and execute remote code with root privileges. This potentially compromised entire cloud infrastructures, granting attackers centralized control over cloud gateways and APIs. Successful exploitation could lead to a complete cloud environment takeover, affecting multiple cloud providers and regions.

Source: https://cybersecuritynews.com/aviatrix-cloud-controller-vulnerability/

TPRM report: https://scoringcyber.rankiteo.com/company/aviatrix-systems

"id": "avi301062425",
"linkid": "aviatrix-systems",
"type": "Vulnerability",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Software-Defined Networking',
                        'name': 'Aviatrix',
                        'type': 'Software Company'}],
 'attack_vector': 'Authentication Bypass and Command Injection',
 'date_publicly_disclosed': '2025-03-31',
 'description': 'Two critical vulnerabilities in Aviatrix Controller, a '
                'Software-Defined Networking (SDN) utility that enables cloud '
                'connectivity across different vendors and regions, allowed '
                'attackers to bypass authentication and execute remote code '
                'with root privileges, potentially compromising entire cloud '
                'infrastructures.',
 'impact': {'operational_impact': 'Potential complete cloud environment '
                                  'takeover',
            'systems_affected': 'Aviatrix Controller, Cloud Infrastructure'},
 'initial_access_broker': {'entry_point': 'Weak password reset mechanism'},
 'lessons_learned': 'Importance of timely patching and securing authentication '
                    'mechanisms',
 'motivation': 'Unauthorized Access and Control',
 'post_incident_analysis': {'corrective_actions': 'Security patches released '
                                                  'for affected versions',
                            'root_causes': 'Weak password reset mechanism and '
                                           'command injection flaw in file '
                                           'upload feature'},
 'recommendations': 'Immediately upgrade to patched releases to prevent '
                    'potential compromise of cloud infrastructure',
 'references': [{'source': 'Mandiant Security Researchers'}],
 'response': {'remediation_measures': 'Security patches released for versions '
                                      '8.0.0, 7.2.5090, and 7.1.4208'},
 'threat_actor': 'Unknown',
 'title': 'Critical Vulnerabilities in Aviatrix Controller',
 'type': 'Vulnerability Exploitation',
 'vulnerability_exploited': ['CVE-2025-2171', 'CVE-2025-2172']}