CVE-2025-22217 – VMware Avi Load Balancer Blind SQL Injection

The following table lists the changes that have been made to the CVE-2025-22217 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics.

  • New CVE Received by [email protected]

    Jan. 28, 2025

    Action Type Old Value New Value
    Added Description Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.  A malicious user with network access may be able to use specially crafted SQL queries to gain database access.
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
    Added CWE CWE-89
    Added Reference https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346

نوشته های مشابه

CVE-2025-20094 – Microsoft Defense Platform Windows RCE (Shatter)

CVE-2025-23236 – Cisco Defense Platform Home Edition Buffer Overflow Elevates Privileges

CVE-2024-51547 – ABB ASPECT-Enterprise/NEXUS Series/MATRIX Series Hard-coded Credentials Vulnerability

CVE-2024-51450 – IBM Security Verify Directory Command Injection