ACTIVELY EXPLOITED3 sources verified·1 min read
By Lyrie Threat Intelligence·1/16/2025
CVE-2024-50603 added to CISA KEV: Aviatrix Controllers
Status: ✅ Confirmed exploited in the wild
Date added: 2025-01-16
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Due date: 2025-02-06
Why this matters
Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.
Sources
Lyrie Verdict
Lyrie's autonomous detection layer catches active exploitation primitives at machine speed — closing the gap between disclosure and weaponization that traditional defense simply can't cover.