
VMware warns of critical vulnerability in Avi Load Balancer that allows attackers to access databases via SQL injection.
VMware has discovered and officially confirmed a serious vulnerability, CVE-2025-22217, which has a CVSS score of 8.6/10. The problem is an unauthorized “blind” SQL injection that allows attackers with network access to execute malicious SQL queries and gain access to databases.
Avi Load Balancer is one of VMware’s key products, which is used to balance the load between servers in cloud and on-premises environments. In addition to its main function, it provides web security and container traffic management.
Which versions are vulnerable?
There is currently no workaround, so installing patches is the only way to protect yourself.
This is not the first time VMware has had security issues – the company has previously faced difficulties patching vulnerabilities in vCenter Server and HCX Platform, as well as hacker exploits at a Chinese cybersecurity competition. IT administrators should install the update immediately to prevent potential exploitation of the vulnerability. Since there are no workarounds, delaying the update could lead to a compromised system.