VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer

Summary: VMware has issued an urgent alert regarding a high-severity SQL injection vulnerability (CVE-2025-22217) in its Avi Load Balancer that allows attackers with network access to gain unauthorized database access. The flaw has a CVSS score of 8.6/10, and VMware urges prompt patching because no workarounds are available. Affected versions include 30.1.1, 30.1.2, 30.2.1, and 30.2.2, with an upgrade to at least 30.1.2 recommended before applying patches.

Affected: VMware Avi Load Balancer

Key points:

  • Vulnerability identified as an unauthenticated blind SQL injection.
  • High risk due to potential exploitation leading to database access by malicious users.
  • No known workarounds; immediate patch deployment is essential.

Source: https://www.securityweek.com/vmware-warns-of-high-risk-blind-sql-injection-bug-in-avi-load-balancer/