CVE-2025-22217

Published Jan 28, 2025

Last updated 2 days ago

Overview

Description
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain database access.
Source
security@vmware.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.6
Impact score
4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Severity
HIGH

Weaknesses

security@vmware.com
CWE-89

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

4

  1. VMware: the security flaw CVE-2025-22217 could allow SQL code injection. VMware security bulletin 25346 of 28 January 2025. https://t.co/4qy218Rhmq #.Remote Arbitrary Code #.Patch #.Flaw #.Code injection (SQL) #CERT

    @NicolasCoolman

    30 Jan 2025

    16 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Broadcom has issued an alert about a high-severity SQL injection vulnerability in VMware Avi Load Balancer, identified as CVE-2025-22217, with a CVSS rating of 8.6. This flaw allows unauthenticated users to execute malicious SQL queries to obtain

    @citarafy

    30 Jan 2025

    71 Impressions

    0 Retweets

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  3. 🚨 CVE-2025-22217 exposes VMware Avi Load Balancer to blind SQL injection, risking data breaches. Hackers can exploit it remotely—act now! 🛡️ Security Joes provides expert defense & rapid response. Stay protected! 🔗 https://t.co/JZlUq9B0Rx https://t.co/ioqfkY6Mzl

    @SecurityJoes

    29 Jan 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. VMware Avi Load Balancer Vulnerability (CVE-2025-22217): Exposes Networks to Blind SQLi Attacks https://t.co/AgV0oCVXNx

    @cyberwebeyeos

    29 Jan 2025

    27 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

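  5. VMware warns of a high-risk blind SQL injection vulnerability in Avi Load Balancer, registered as "CVE-2025-22217". The CVSS score is 8.6, and the affected versions are 30.1.1, 30.1.2, 30.2.1 and 30.2.2. There is no workaround, and immediate patching is recommended. https://t.co/yK1pd5fiKn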

    @01ra66it

    29 Jan 2025

    162 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  6. VMware Avi Load Balancer Flaw (CVE-2025-22217) Exposes Networks to Blind SQLi Attacks This vulnerability, identified as CVE-2025-22217 and given a CVSSv3 base score of 8.6, could allow attackers to gain unauthorized access to sensitive data https://t.co/K3Cf95Aktp

    @the_yellow_fall

    29 Jan 2025

    317 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 WATCH OUT: A new vulnerability, CVE-2025-22217, in VMware Avi Load Balancer could give attackers full access to your databases! No workarounds—only updates will protect you. Seriously, attacks are going on https://t.co/j9z7kLmYNn

    @SamTechwest

    29 Jan 2025

    60 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. 🚨 WATCH OUT: A new vulnerability, CVE-2025-22217, in VMware Avi Load Balancer could give attackers full access to your databases! No workarounds—only updates will protect you. Running affected versions? Learn more: https://t.co/xpIan2lv94

    @TheHackersNews

    29 Jan 2025

    10206 Impressions

    13 Retweets

    27 Likes

    7 Bookmarks

    0 Replies

    1 Quote

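  9. VMware has reported that Avi Load Balancer has an unauthenticated blind SQL injection vulnerability. This vulnerability is registered as CVE-2025-22217, and a malicious attacker may be able to gain unauthorized access to the database by sending specially crafted SQL queries. https://t.co/yYbmuRQAEh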

    @t_nihonmatsu

    29 Jan 2025

    261 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  10. VMware fixes CVE-2025-22217 in Avi Load Balancer #VMwareAvi #CVE-2025-22217 https://t.co/PIa2u91gxV

    @pravin_karthik

    29 Jan 2025

    101 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. VMware Warns of High-Risk Blind SQL Injection Bug in Avi Load Balancer - (CVE-2025-22217) https://t.co/zP8p0d3nce

    @SecurityWeek

    28 Jan 2025

    302 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. [CVE-2025-22217: HIGH] Critical cyber security update: Vulnerability found in Avi Load Balancer allows unauthenticated SQL Injection access. Patch your VMware products to prevent unauthorized database access! #cybersecurity, #vulnerability https://t.co/YRfvjYXpVE https://t.co/pOVhQ

    @CveFindCom

    28 Jan 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CVE-2025-22217 Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulner… https://t.co/mKxuXvWGen

    @CVEnew

    28 Jan 2025

    320 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes