Vulnerability Description
Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute-force the 6-digit password reset PIN.
Related Weaknesses (CWE)
References
- https://cloud.google.com/blog/topics/threat-intelligence/remote-code-execution-a
- https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2025/MNDT-2025
FAQ
What is CVE-2025-2171?
CVE-2025-2171 is a documented vulnerability in Aviatrix Controller. Versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute-force the 6-digit password reset PIN.
How severe is CVE-2025-2171?
CVSS scoring is not yet available for CVE-2025-2171. Check NVD for updates.
Is there a patch for CVE-2025-2171?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.