![VMware Avi Load Balancer](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjptQFf-ACUGdZwWfIEHLT9KpTkeXgrzbIFbbbC0ncrmrsA36dR0iW-qGJMItS0bbujGQ_yVon7eBoQx8JhXu0cDpClNXbUBblitsOje3UoTTFaqSve0qCnb0vP_EkUoP1ghMNDT25HvQpKe37YjsNnSf-2MOzcjqUrqtU106neAEhs8FSGc2_6kSLoxZ0C/s728-rw-e365/load-balancer.png)
Broadcom has warned of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain unauthorized access.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), is described as an unauthenticated blind SQL injection.
"Malicious users with network access can get database access using specially created SQL queries," the company said in an advisory issued on Tuesday.
Security researchers Daniel Kutska and Mateus Dalda have been credited with discovering and reporting the vulnerability.
It affects the following versions of the software:

- VMware Avi Load Balancer 30.1.1 (fixed in 30.1.2-2p2)
- VMware Avi Load Balancer 30.1.2 (fixed in 30.1.2-2p2)
- VMware Avi Load Balancer (30.2.1-2p5)
- VMware Avi Load Balancer 30.2.2 (fixed in 30.2.2-2p2)

Broadcom further noted that versions 22.x and 21.x are not affected by CVE-2025-22217, and that users running version 30.1.1 must first upgrade to 30.1.2 or later before applying the patch.
There are no workarounds that address the flaw, so customers need to update their instances to the latest version for optimal protection.