Broadcom has warned of a high-severity security flaw in VMware Avi Load Balancer that could be exploited by malicious actors to gain entrenched database access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.
“A malicious user with network access may be able to use specially crafted SQL queries to gain database access,” the company said in an advisory issued Tuesday.
Security researchers Daniel Kukuczka and Mateusz Darda have been credited with discovering and reporting the vulnerability.
It affects the following versions of the software:
- VMware Avi Load Balancer 30.1.1 (Fixed in 30.1.2-2p2)
- VMware Avi Load Balancer 30.1.2 (Fixed in 30.1.2-2p2)
- VMware Avi Load Balancer 30.2.1 (Fixed in 30.2.1-2p5)
- VMware Avi Load Balancer 30.2.2 (Fixed in 30.2.2-2p2)
Broadcom further noted that versions 22.x and 21.x are not susceptible to CVE-2025-22217, and that customers running version 30.1.1 must first upgrade to 30.1.2 or later before applying the patch.
There are no workarounds that address the flaw, so customers need to update their instances to the latest fixed version for full protection.
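For defenders triaging an Avi Load Balancer fleet against the advisory above, here is an added example (not Broadcom's code) that classifies an installed version against the fixed builds listed on this page. It assumes version strings follow the `MAJOR.MINOR.PATCH[-BUILDpLEVEL]` shape shown in the advisory (e.g. `30.2.1-2p5`) and that build and patch numbers compare numerically; any release line not named on this page is reported as unknown rather than guessed.

```python
import re

# Fixed builds exactly as listed in Broadcom's advisory for CVE-2025-22217,
# keyed by the affected release line.
FIXED_IN = {
    (30, 1, 1): "30.1.2-2p2",
    (30, 1, 2): "30.1.2-2p2",
    (30, 2, 1): "30.2.1-2p5",
    (30, 2, 2): "30.2.2-2p2",
}

# Release lines the advisory states are not susceptible.
NOT_AFFECTED_MAJORS = (21, 22)

# Assumed format: MAJOR.MINOR.PATCH with an optional "-<build>p<level>" suffix.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+)p(\d+))?$")


def parse_version(text):
    """Turn '30.2.1-2p5' into a comparable tuple (30, 2, 1, 2, 5).

    A bare '30.1.2' (no patch suffix) parses as (30, 1, 2, 0, 0), which
    sorts below every patched build of the same line.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Avi version string: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def assess(version):
    """Classify an installed version with respect to CVE-2025-22217.

    Returns one of: 'not_affected', 'patched', 'vulnerable',
    'vulnerable_upgrade_first' (30.1.1 must move to 30.1.2+ before the
    patch applies), or 'unknown' for lines the advisory does not mention.
    """
    installed = parse_version(version)
    line = installed[:3]
    if installed[0] in NOT_AFFECTED_MAJORS:
        return "not_affected"
    if line not in FIXED_IN:
        return "unknown"
    if installed >= parse_version(FIXED_IN[line]):
        return "patched"
    if line == (30, 1, 1):
        return "vulnerable_upgrade_first"
    return "vulnerable"
```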