Jan 29, 2025 | Ravie Lakshmanan | Vulnerability / Software Security
Broadcom has issued an alert for a high-severity security flaw in VMware Avi Load Balancer that could be exploited by malicious actors to gain database access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.
"A malicious user with network access may be able to use specially crafted SQL queries to gain database access," the company said in an advisory released on Tuesday.
The flaw was discovered and reported by security researchers Mateusz Darda and Daniel Kukuczka.
The following versions of the software are affected:
- VMware Avi Load Balancer 30.1.1 (Fixed in 30.1.2-2p2)
- VMware Avi Load Balancer 30.1.2 (Fixed in 30.1.2-2p2)
- VMware Avi Load Balancer 30.2.1 (Fixed in 30.2.1-2p5)
- VMware Avi Load Balancer 30.2.2 (Fixed in 30.2.2-2p2)
Broadcom further noted that versions 22.x and 21.x are not susceptible to CVE-2025-22217, and that users running version 30.1.1 must first upgrade to 30.1.2 or later before applying the patch.
There are no workarounds to address the issue, making it necessary for customers to upgrade their instances to the latest version for optimal protection.
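For defenders with more than a handful of Avi controllers, the practical question is which instances still sit below the fixed builds listed above and which of them need the two-step path through 30.1.2 first. The following script is an added example, not code from the article or from Broadcom: it parses Avi version strings of the form `MAJOR.MINOR.PATCH[-NpM]`, compares them against the fixed builds from the advisory, and flags the special case for 30.1.1. The numeric ordering of the `-NpM` suffix (N first, then M) is an assumption made here, and the inventory of hostnames is constructed sample data.

```python
import re
from typing import Dict, List, Tuple

# Affected base versions and the fixed builds named in the Broadcom advisory
# for CVE-2025-22217 (values taken from the article above).
FIXED_BUILDS: Dict[str, str] = {
    "30.1.1": "30.1.2-2p2",
    "30.1.2": "30.1.2-2p2",
    "30.2.1": "30.2.1-2p5",
    "30.2.2": "30.2.2-2p2",
}
# Major release lines the advisory says are not susceptible.
NOT_AFFECTED_MAJORS = {21, 22}

# Assumption: an Avi build looks like "30.1.2" or "30.1.2-2p2"; the "-NpM"
# suffix is treated as two numeric components ordered N then M.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+)p(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn a version string into a tuple that sorts in release order.

    A bare base version ("30.1.2") sorts below any patched build of the
    same base ("30.1.2-2p2") because the missing suffix becomes (0, 0).
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Avi version string: {text!r}")
    major, minor, patch, n, p = match.groups()
    return (int(major), int(minor), int(patch), int(n or 0), int(p or 0))


def assess(version: str) -> Dict[str, object]:
    """Classify one controller's version against the advisory.

    status is one of: not_affected, fixed, vulnerable, not_listed.
    action is the remediation step, or None when nothing is required.
    """
    v = parse_version(version)
    base = f"{v[0]}.{v[1]}.{v[2]}"
    if v[0] in NOT_AFFECTED_MAJORS:
        return {"version": version, "status": "not_affected", "action": None}
    fixed = FIXED_BUILDS.get(base)
    if fixed is None:
        # Release lines the advisory does not enumerate: do not guess.
        return {"version": version, "status": "not_listed",
                "action": "confirm against the vendor advisory"}
    if v >= parse_version(fixed):
        return {"version": version, "status": "fixed", "action": None}
    if base == "30.1.1":
        # No patched 30.1.1 build exists; the advisory requires moving to
        # 30.1.2 or later before the fix can be applied.
        return {"version": version, "status": "vulnerable",
                "action": "upgrade to 30.1.2 or later first, then apply 30.1.2-2p2"}
    return {"version": version, "status": "vulnerable", "action": f"apply {fixed}"}


def controllers_needing_action(inventory: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return (hostname, action) for every controller that is not known-fixed."""
    results = []
    for host, version in inventory:
        report = assess(version)
        if report["action"] is not None:
            results.append((host, str(report["action"])))
    return results


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("avi-ctl-01.example.internal", "30.1.1"),
    ("avi-ctl-02.example.internal", "30.1.2-2p1"),
    ("avi-ctl-03.example.internal", "30.1.2-2p2"),
    ("avi-ctl-04.example.internal", "30.2.1-2p5"),
    ("avi-ctl-05.example.internal", "22.1.6"),
]

if __name__ == "__main__":
    for host, action in controllers_needing_action(SAMPLE_INVENTORY):
        print(f"{host}: {action}")
```

Run as a script it prints only the controllers that still need work; the `not_listed` status exists so that release lines outside the advisory (for example a hypothetical 30.3.x) are surfaced for manual review rather than silently assumed safe or unsafe.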