Severity Level: High
Title:
SQL Injection Vulnerability in VMware Avi Load Balancer
Summary:
VMware has identified a high-severity unauthenticated blind SQL Injection vulnerability
(CVE-2025-22217) in its Avi Load Balancer product. This vulnerability, with a CVSSv3 base
score of 8.6, allows malicious actors with network access to execute specially crafted SQL
queries, potentially gaining unauthorized access to sensitive database information.
Vulnerability Overview:
• CVE Identifier: CVE-2025-22217
• Severity: High (CVSSv3 Score: 8.6)
• Impacted Product: VMware Avi Load Balancer
• Vulnerability Type: Unauthenticated Blind SQL Injection
Affected Versions:
The following versions of VMware Avi Load Balancer are impacted:
• 30.1.1
• 30.1.2
• 30.2.1
• 30.2.2
Resolution:
• For versions 30.1.1 and 30.1.2, upgrade to version 30.1.2-2p2
• For version 30.2.1, upgrade to version 30.2.1-2p5
• For version 30.2.2, upgrade to version 30.2.2-2p2
Recommendations:
We recommend applying the security patches provided by VMware as soon as possible.