VMware has released an urgent update due to a vulnerability in Avi Load Balancer

29 January 2025 | Author: Newsman

VMware warns of a critical vulnerability in Avi Load Balancer that allows attackers to access databases via SQL injection.

VMware has discovered and officially confirmed a serious vulnerability, CVE-2025-22217, with a CVSS score of 8.6/10. The problem is an unauthorized “blind” SQL injection that allows attackers with network access to execute malicious SQL queries and gain access to databases.

Avi Load Balancer is one of VMware’s key products, used to balance the load between servers in cloud and on-premises environments. In addition to its main function, it provides web security and container traffic management.

Which versions are vulnerable?

  • 30.1.1, 30.1.2, 30.2.1, 30.2.2
  • It is recommended to update to 30.1.2 or higher before applying the patch.

There is currently no workaround, so installing patches is the only way to protect yourself.

This is not the first time VMware has had security issues – the company has previously faced difficulties patching vulnerabilities in vCenter Server and HCX Platform, as well as hacker exploits at a Chinese cybersecurity competition. IT administrators should install the update immediately to prevent potential exploitation of the vulnerability. Since there are no workarounds, delaying the update could lead to a compromised system.
