CyberSecurity updates
2025-01-31 00:30:52 Pacific

VMware Avi Load Balancer SQL Injection Vulnerability - 1d

A critical blind SQL injection vulnerability (CVE-2025-22217) has been discovered in the VMware Avi Load Balancer. Attackers with network access can exploit this flaw by sending specially crafted SQL queries, potentially gaining unauthorized access to the underlying database. This could lead to significant data breaches and system compromise. The vulnerability allows an attacker to bypass authentication and gain direct access to the database where sensitive information is stored. This is a major issue for organizations using Avi Load Balancer, requiring immediate patching.

Apache Fixes Critical Vulnerabilities - 4d

Apache has released security updates to address multiple critical vulnerabilities, including a SQL Injection flaw, affecting MINA, HugeGraph-Server, and Traffic Control products. These vulnerabilities, if exploited, could allow attackers to compromise systems, highlighting the importance of immediate patching. Organizations using these Apache products should prioritize updating them to the latest versions to mitigate the risk of exploitation.

Apache Superset Security Vulnerabilities Patched - 19d

Multiple vulnerabilities have been discovered and addressed in Apache Superset, an open-source data visualization platform. These include SQL injection vulnerabilities and improper authorization flaws, allowing attackers to bypass security restrictions and potentially access sensitive data. Updates are recommended to patch these vulnerabilities and protect against exploitation.