How to fix EUVD-2025-18898?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Validate input sanitization for user-controlled parameters.

Is Command Injection affected by EUVD-2025-18898?

CVE-2025-2172 presents notable security risk, a OS command injection vulnerability rated CVSS 6.6. Exploitation could allow attackers to execute code or inject malicious input. Organizations should apply vendor updates when available and monitor for exploitation.

EUVD-2025-18898

| CVE-2025-2172 MEDIUM

2025-06-23 [email protected]

6.6

CVSS 4.0

CVSS Vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Lifecycle Timeline

Analysis Generated

Mar 15, 2026 - 22:10 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 22:10 euvd

EUVD-2025-18898

CVE Published

Jun 23, 2025 - 14:15 nvd

MEDIUM 6.6

Description

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 fail to sanitize user input prior to passing the input to command line utilities, allowing command injection via special characters in filenames

Analysis

Technical Context

Command injection allows an attacker to execute arbitrary OS commands on the host system through a vulnerable application that passes user input to system shells. This vulnerability is classified as OS Command Injection (CWE-78).

Remediation

Avoid passing user input to system commands. Use language-specific APIs instead of shell commands. If unavoidable, use strict input validation and escaping.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.3

CVSS: +33

POC: 0

EUVD-2025-18898 vulnerability details – vuln.today

Back

EUVD-2025-18898

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Remediation

Priority Score

Share

EUVD-2025-18898

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Remediation

Priority Score

Share

External POC / Exploit Code