WARNING: HIGH UNAUTHENTICATED BLIND SQL INJECTION VULNERABILITY IN VMWARE AVI LOAD BALANCER, PATCH IMMEDIATELY!
CVE-2025-22217: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Bronnen
Risico’s
CVE-2025-22217 could allow attackers to gain database access through an unauthenticated blind SQL injection vulnerability. The attack can be executed remotely and does not need user interaction or authentication. This vulnerability could lead to the exposure or theft of sensitive data stored in the database. With a CVSS score of 8.6, the impact is high on confidentiality, integrity and availability.
Beschrijving
A vulnerability involving unauthenticated blind SQL injection has been identified in the VMware Avi Load
Balancer. An attacker with network access can send specially crafted SQL queries to gain unauthorized
access to the database. VMware has privately disclosed this issue and released patches to mitigate the
risk. While no public proof-of-concept or confirmed exploitation has been reported, organizations are
strongly advised to apply the security updates as soon as possible.
Aanbevolen acties
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.
- Affected version 30.1.1: patch to 30.1.2-2p2
- Affected version 30.1.2: patch to 30.1.2-2p2
- Affected version 30.2.1: patch to 30.2.1-2p2
- Affected version 30.2.2: patch to 30.2.2-2p2
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. In case of an intrusion, you can report an incident via https://ccb.belgium.be/nl/cert/een-incident-melden. While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
Referenties
https://cybersecuritynews.com/vmware-avi-load-balancer-vulnerability/