Password Reset Vulnerability in Aviatrix Controller by Aviatrix
CVE-2025-2171

8.8HIGH

Key Information:

Vendor: Aviatrix
Status: Controller
Vendor: CVE Published:; 23 June 2025

What is CVE-2025-2171?

Aviatrix Controller prior to version 7.1.4208, 7.2.5090, and 8.0.0 has a security misconfiguration that fails to enforce rate limiting on password reset attempts. This oversight allows attackers to perform brute force attacks on the 6-digit password reset PIN, significantly increasing the risk of unauthorized access to user accounts.

Affected Version(s)

Controller 7.1.4208

Controller 7.2.5090

References

https://github.com/mandiant/Vulnerability-Disclosures/blo...

third-party-advisory

https://cloud.google.com/blog/topics/threat-intelligence/...

technical-description

CVSS V4

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 23, 2025
Vulnerability Reserved
Mar 10, 2025