CyberSecurity news
FlagThis
@www.heise.de
//
A critical blind SQL injection vulnerability, identified as CVE-2025-22217, has been discovered in the VMware Avi Load Balancer. This flaw allows attackers with network access to send specially crafted SQL queries, potentially gaining unauthorized access to the underlying database. The vulnerability poses a significant risk, enabling attackers to bypass authentication and directly access sensitive information stored within the database. This access could lead to substantial data breaches and system compromise, making it a major concern for organizations using Avi Load Balancer.
The vulnerability, which scores 8.6 on the CVSS scale, stems from insufficient input validation, allowing for the injection of arbitrary SQL code. Broadcom, the vendor, urges users to apply the necessary patches immediately, as no workarounds are available. The affected versions are primarily within the 30.x range; specifically 30.1.1, 30.1.2, 30.2.1 and 30.2.2 all require patching. It is also important that if you are running 30.1.1 you MUST upgrade to at least 30.1.2 before applying the patch to resolve this issue. Versions 22.x and 21.x are not susceptible to this particular flaw.
ImgSrc: heise.cloudimg.
References :
The vulnerability, which scores 8.6 on the CVSS scale, stems from insufficient input validation, allowing for the injection of arbitrary SQL code. Broadcom, the vendor, urges users to apply the necessary patches immediately, as no workarounds are available. The affected versions are primarily within the 30.x range; specifically 30.1.1, 30.1.2, 30.2.1 and 30.2.2 all require patching. It is also important that if you are running 30.1.1 you MUST upgrade to at least 30.1.2 before applying the patch to resolve this issue. Versions 22.x and 21.x are not susceptible to this particular flaw.
ImgSrc: heise.cloudimg.
Share:
References :
- securityaffairs.com: VMware fixed a flaw in Avi Load Balancer
- socca.tech: CVE-2025-22217: (VMware Avi Load Balancer: High)
- The Hacker News: Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
- www.heise.de: VMware: High-risk SQL injection vulnerability compromises Avi Load Balancer
- heise online English: VMware: High-risk SQL injection vulnerability compromises Avi Load Balancer
- securityonline.info: VMware Avi Load Balancer Flaw (CVE-2025-22217) Exposes Networks to Blind SQLi Attacks
- securityonline.info: VMware Avi Load Balancer Flaw (CVE-2025-22217) Exposes Networks to Blind SQLi Attacks
- Security Risk Advisors: Critical SQL Injection Vulnerability Threatens VMware Avi Load Balancer Security
- support.broadcom.com: Critical SQL Injection Vulnerability Threatens VMware Avi Load Balancer Security
Classification:
- HashTags: #VMware #SecurityVulnerability #SQLInjection
- Company: VMware
- Target: VMware Avi Load Balancer users
- Product: Avi Load Balancer
- Feature: SQL Injection
- Type: Vulnerability
- Severity: Major