
Security Alerts

Severity Level: High

Title: 

SQL Injection Vulnerability in VMware Avi Load Balancer

Summary:

VMware has identified a high-severity unauthenticated blind SQL Injection vulnerability (CVE-2025-22217) in its Avi Load Balancer product. This vulnerability, with a CVSSv3 base score of 8.6, allows malicious actors with network access to execute specially crafted SQL queries, potentially gaining unauthorized access to sensitive database information.

Vulnerability Overview:

• CVE Identifier: CVE-2025-22217

• Severity: High (CVSSv3 Score: 8.6)

• Impacted Product: VMware Avi Load Balancer

• Vulnerability Type: Unauthenticated Blind SQL Injection

Affected Versions:

The following versions of VMware Avi Load Balancer are impacted:

• 30.1.1

• 30.1.2

• 30.2.1

• 30.2.2

Resolution:

• For versions 30.1.1 and 30.1.2, upgrade to version 30.1.2-2p2

• For version 30.2.1, upgrade to version 30.2.1-2p5

• For version 30.2.2, upgrade to version 30.2.2-2p2

 

Recommendations:

We recommend applying the security patches provided by VMware as soon as possible.

