Broadcom has warned of a high-severity security flaw in VMware Avi Load Balancer that could be exploited by malicious actors to gain database access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.
"A malicious user with network access may be able to use specially crafted SQL queries to gain database access," the company said in an advisory issued Tuesday.
Security researchers Daniel Kukuczka and Mateusz Darda were credited with discovering and reporting the vulnerability.

It affects the following versions of the software:
- VMware Avi Load Balancer 30.1.1 (Fixed in 30.1.2-2p2)
- VMware Avi Load Balancer 30.1.2 (Fixed in 30.1.2-2p2)
- VMware Avi Load Balancer 30.2.1 (Fixed in 30.2.1-2p5)
- VMware Avi Load Balancer 30.2.2 (Fixed in 30.2.2-2p2)
Broadcom further noted that versions 22.x and 21.x are not susceptible to CVE-2025-22217, and that users running version 30.1.1 must first upgrade to 30.1.2 or later before applying the patch.
There are no workarounds that address the issue, so customers are advised to update their instances to the latest version for optimal protection.
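The following script turns the version table and the 30.1.1 upgrade caveat above into an inventory check: feed it the version string reported by each Avi controller and it returns whether that instance is affected and the upgrade steps in order. It is an added example, not Broadcom's code; the helper names and the assumption that Avi version strings look like `30.1.2` or `30.1.2-2p2` are mine, and the sample inventory at the bottom is constructed.

```python
"""Affected-version and upgrade-path check for CVE-2025-22217.

Added example, not Broadcom's code. The version table and the 30.1.1
two-step rule come from the advisory as summarised above; the helper
names and the '<major>.<minor>.<maint>[-<n>p<m>]' version format are
my own assumptions about how Avi reports its version strings.
"""
import re
from typing import Dict, List, Tuple

# Affected release -> first fixed patch level, per the advisory.
FIXED_IN: Dict[str, str] = {
    "30.1.1": "30.1.2-2p2",
    "30.1.2": "30.1.2-2p2",
    "30.2.1": "30.2.1-2p5",
    "30.2.2": "30.2.2-2p2",
}
# Release trains the advisory states are not susceptible.
NOT_AFFECTED_MAJORS = ("21", "22")

# Assumed format: 30.1.2 or 30.1.2-2p2 (patch level written as "-<n>p<m>").
_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+)p(\d+))?$")


def parse_version(s: str) -> Tuple[int, int, int, int, int]:
    """'30.1.2-2p2' -> (30, 1, 2, 2, 2); a bare '30.1.2' -> (30, 1, 2, 0, 0),
    so an unpatched base release sorts below every patch of that release."""
    m = _VER_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {s!r}")
    major, minor, maint, n, p = m.groups()
    return (int(major), int(minor), int(maint), int(n or 0), int(p or 0))


def base_release(s: str) -> str:
    """Strip the patch suffix: '30.2.1-2p4' -> '30.2.1'."""
    major, minor, maint, _, _ = parse_version(s)
    return f"{major}.{minor}.{maint}"


def assess(version: str) -> Dict[str, object]:
    """Classify one running version and list the upgrades needed, in order.

    status is one of 'not_affected', 'fixed', 'vulnerable' or 'unknown'
    ('unknown' = a 30.x release the advisory does not list; review manually).
    """
    parsed = parse_version(version)
    base = base_release(version)
    if str(parsed[0]) in NOT_AFFECTED_MAJORS:
        return {"version": version, "status": "not_affected", "steps": []}
    target = FIXED_IN.get(base)
    if target is None:
        return {"version": version, "status": "unknown", "steps": []}
    if parsed >= parse_version(target):
        return {"version": version, "status": "fixed", "steps": []}
    steps: List[str] = []
    if base == "30.1.1":
        # 30.1.1 has no direct patch: move to 30.1.2 first, then apply 30.1.2-2p2.
        steps.append("30.1.2")
    steps.append(target)
    return {"version": version, "status": "vulnerable", "steps": steps}


if __name__ == "__main__":
    # Constructed sample inventory, as if collected from several controllers.
    for v in ["30.1.1", "30.1.2-2p1", "30.2.1-2p5", "22.1.6", "30.2.3"]:
        print(v, assess(v))
```

A patch level at or above the listed fix (for example 30.2.2-2p3) is treated as fixed; anything on a 30.x release the advisory does not name is reported as `unknown` rather than silently assumed safe.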