High-Severity SQL Injection Vulnerability in VMware Avi Load Balancer

Learn about the critical importance of timely patch management to protect against high-severity vulnerabilities in key infrastructure components like VMware Avi Load Balancer.


Broadcom has identified a high-severity SQL injection vulnerability in VMware Avi Load Balancer that allows unauthorized users with network access to execute specially crafted SQL queries to gain database access. Affected versions include 30.1.1, 30.1.2, 30.2.1, and 30.2.2, and users are advised to update to the latest patched versions as there are no workarounds available.


Key Facts

Risks:

Patch Management, Web App/Website Vulnerability

Keywords:

VMware Avi Load Balancer, SQL Injection, CVE-2025-22217, Patch Management, Broadcom

CVE:

CVE-2025-22217

Affected:

VMware Avi Load Balancer



High-Severity Vulnerability in VMware Avi Load Balancer

Broadcom has issued a warning about a critical security vulnerability in the VMware Avi Load Balancer. This flaw, identified as CVE-2025-22217, is a high-severity unauthenticated blind SQL injection vulnerability with a CVSS score of 8.6. It poses a significant risk as it allows malicious actors with network access to execute specially crafted SQL queries, potentially gaining unauthorized access to the database.

Affected Versions

The vulnerability affects the following versions of VMware Avi Load Balancer:

- Version 30.1.1
- Version 30.1.2
- Version 30.2.1
- Version 30.2.2

No Workarounds Available

Unfortunately, there are no workarounds to mitigate this vulnerability. Therefore, it is crucial for users to update their systems to the latest patched versions to ensure protection against potential exploitation. The fixed versions are:

- Version 30.1.2-2p2
- Version 30.2.1-2p5
- Version 30.2.2-2p2
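Because the advisory offers no workaround, the one check a defender can act on is whether each controller is still on an affected build. The script below is an added example, not code from Broadcom, VMware or the advisory: it compares an inventory of Avi controller versions against the affected and fixed versions the advisory lists. It assumes Avi version strings have the layout MAJOR.MINOR.PATCH with an optional "-<build>p<hotfix>" suffix that orders numerically (30.2.1-2p4 is older than 30.2.1-2p5), that a bare base version is older than any suffixed release of that base, and that a 30.1.1 controller moves to 30.1.2-2p2 (the only fixed release on the 30.1 line, which the advisory does not state explicitly). The hostnames in the sample inventory are constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

# Versions the advisory lists as affected by CVE-2025-22217 (from the page).
AFFECTED_BASES = {"30.1.1", "30.1.2", "30.2.1", "30.2.2"}

# Fixed releases the advisory lists (from the page), keyed by base version so a
# running version can be compared against the fix on the same line.
FIXED_RELEASES: Dict[str, str] = {
    "30.1.2": "30.1.2-2p2",
    "30.2.1": "30.2.1-2p5",
    "30.2.2": "30.2.2-2p2",
}

# Assumption: version strings look like MAJOR.MINOR.PATCH[-<build>p<hotfix>],
# all numeric. A bare base version counts as build 0 / hotfix 0, i.e. older
# than any suffixed release of the same base.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+)p(\d+))?$")

Version = Tuple[int, int, int, int, int]


def parse_version(text: str) -> Version:
    """Turn '30.2.1-2p5' into (30, 2, 1, 2, 5) so tuples compare in release order."""
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Avi version string: {text!r}")
    major, minor, patch, build, hotfix = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0), int(hotfix or 0))


def assess(text: str) -> str:
    """Classify one running version against the advisory.

    Returns 'vulnerable', 'patched', or 'not-listed' (the advisory says nothing
    about that base version, so no conclusion is drawn either way).
    """
    running = parse_version(text)
    base = "%d.%d.%d" % running[:3]
    if base not in AFFECTED_BASES:
        return "not-listed"
    fixed = FIXED_RELEASES.get(base)
    # 30.1.1 has no fixed build on its own line, so every 30.1.1 build stays vulnerable.
    if fixed is not None and running >= parse_version(fixed):
        return "patched"
    return "vulnerable"


def recommended_fix(text: str) -> Optional[str]:
    """Fixed release to move to, or None when the version is not listed as affected.

    Assumption: an affected version with no fix on its own line (30.1.1) moves to
    the fixed release on the same MAJOR.MINOR line (30.1.2-2p2).
    """
    if assess(text) == "not-listed":
        return None
    running = parse_version(text)
    base = "%d.%d.%d" % running[:3]
    if base in FIXED_RELEASES:
        return FIXED_RELEASES[base]
    line_prefix = "%d.%d." % running[:2]
    candidates = sorted(v for v in FIXED_RELEASES.values() if v.startswith(line_prefix))
    return candidates[-1] if candidates else None


def triage_inventory(inventory: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (host, version, fix) for every controller that still needs the patch."""
    needs_patch = []
    for host, version in sorted(inventory.items()):
        if assess(version) == "vulnerable":
            needs_patch.append((host, version, recommended_fix(version)))
    return needs_patch


# Constructed sample inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "avi-ctrl-01.example.internal": "30.1.1",
    "avi-ctrl-02.example.internal": "30.1.2-2p1",
    "avi-ctrl-03.example.internal": "30.2.1-2p5",
    "avi-ctrl-04.example.internal": "30.2.2",
    "avi-ctrl-05.example.internal": "22.1.3",
}

if __name__ == "__main__":
    for host, version, fix in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host}: running {version}, update to {fix}")
```

A version the advisory does not mention is reported as "not-listed" rather than "patched": the advisory only speaks for the four affected releases, and treating an unlisted build as safe would be a guess the check cannot justify.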

Importance of Patch Management

This incident underscores the importance of timely patch management in maintaining the security of critical infrastructure components. Organizations are encouraged to prioritize updates and regularly review their security posture to defend against emerging threats and vulnerabilities.


Read More

https://thehackernews.com/2025/01/broadcom-warns-of-high-severity-sql.html?m=1