{"id":65015,"date":"2025-06-13T03:31:44","date_gmt":"2025-06-13T00:01:44","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2025-41233-vmware-avi-load-balancer-blind-sql-injection\/"},"modified":"2025-06-13T03:31:44","modified_gmt":"2025-06-13T00:01:44","slug":"cve-2025-41233-vmware-avi-load-balancer-blind-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2025-41233-vmware-avi-load-balancer-blind-sql-injection\/","title":{"rendered":"CVE-2025-41233 &#8211; VMware Avi Load Balancer Blind SQL Injection"},"content":{"rendered":"<p><strong>CVE ID : <\/strong>CVE-2025-41233<br \/>\n<br \/>\n<strong>Published : <\/strong> June 12, 2025, 10:15 p.m. | 45\u00a0minutes ago<br \/>\n<br \/>\n<strong>Description : <\/strong>Description:<\/p>\n<p>VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https:\/\/www.broadcom.com\/support\/vmware-services\/security-response with a maximum CVSSv3 base score of 6.8 https:\/\/www.first.org\/cvss\/calculator\/3-0#CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N .<\/p>\n<p>Known Attack Vectors:<\/p>\n<p>An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.<\/p>\n<p>Resolution:<\/p>\n<p>To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the &#8216;Fixed Version&#8217; column of the &#8216;Response Matrix&#8217; found below.<\/p>\n<p>Workarounds:<\/p>\n<p>None.<\/p>\n<p>Additional Documentation:<\/p>\n<p>None.<\/p>\n<p>Acknowledgements:<\/p>\n<p>VMware would like to thank Alexandru Copaceanu https:\/\/www.linkedin.com\/in\/alexandru-copaceanu-b39aaa1a8\/ for reporting this issue to us.<\/p>\n<p>Notes:<\/p>\n<p>None.<\/p>\n<p>Response Matrix:<\/p>\n<table>\n<thead>\n<tr><th>Product<\/th><th>Version<\/th><th>Running On<\/th><th>CVE<\/th><th>CVSSv4<\/th><th>Severity<\/th><th>Fixed Version<\/th><th>Workarounds<\/th><th>Additional Documents<\/th><\/tr>\n<\/thead>\n<tbody>\n<tr><td>VMware 
Avi Load Balancer<\/td><td>30.1.1<\/td><td>Any<\/td><td>CVE-2025-41233<\/td><td>6.8 https:\/\/www.first.org\/cvss\/calculator\/3-0#CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N<\/td><td>Moderate<\/td><td>30.1.2-2p3 https:\/\/techdocs.broadcom.com\/us\/en\/vmware-security-load-balancing\/avi-load-balancer\/avi-load-balancer\/30-1\/vmware-avi-load-balancer-release-notes\/release-notes-30-1-2.html<\/td><td>None<\/td><td>None<\/td><\/tr>\n<tr><td>VMware Avi Load Balancer<\/td><td>30.1.2<\/td><td>Any<\/td><td>CVE-2025-41233<\/td><td>6.8 https:\/\/www.first.org\/cvss\/calculator\/3-0#CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N<\/td><td>Moderate<\/td><td>30.1.2-2p3 https:\/\/techdocs.broadcom.com\/us\/en\/vmware-security-load-balancing\/avi-load-balancer\/avi-load-balancer\/30-1\/vmware-avi-load-balancer-release-notes\/release-notes-30-1-2.html<\/td><td>None<\/td><td>None<\/td><\/tr>\n<tr><td>VMware Avi Load Balancer<\/td><td>30.2.1<\/td><td>Any<\/td><td>CVE-2025-41233<\/td><td>6.8 https:\/\/www.first.org\/cvss\/calculator\/3-0#CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N<\/td><td>Moderate<\/td><td>30.2.1-2p6 https:\/\/techdocs.broadcom.com\/us\/en\/vmware-security-load-balancing\/avi-load-balancer\/avi-load-balancer\/30-2\/vmware-avi-load-balancer-release-notes\/release-notes-for-avi-load-balancer-version-30-2-1.html<\/td><td>None<\/td><td>None<\/td><\/tr>\n<tr><td>VMware Avi Load Balancer<\/td><td>30.2.2<\/td><td>Any<\/td><td>CVE-2025-41233<\/td><td>6.8 https:\/\/www.first.org\/cvss\/calculator\/3-0#CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N<\/td><td>Moderate<\/td><td>30.2.2-2p5 https:\/\/techdocs.broadcom.com\/us\/en\/vmware-security-load-balancing\/avi-load-balancer\/avi-load-balancer\/30-2\/vmware-avi-load-balancer-release-notes\/release-notes-for-avi-load-balancer-version-30-2-2.html<\/td><td>None<\/td><td>None<\/td><\/tr>\n<tr><td>VMware Avi Load Balancer<\/td><td>30.2.3<\/td><td>Any<\/td><td>CVE-2025-41233<\/td><td>N\/A<\/td><td>N\/A<\/td><td>Unaffected<\/td><td>None<\/td><td>None<\/td><\/tr>\n<tr><td>VMware Avi Load Balancer<\/td><td>31.1.1<\/td><td>Any<\/td><td>CVE-2025-41233<\/td><td>6.8 https:\/\/www.first.org\/cvss\/calculator\/3-0#CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N<\/td><td>Moderate<\/td><td>31.1.1-2p2 https:\/\/techdocs.broadcom.com\/us\/en\/vmware-security-load-balancing\/avi-load-balancer\/avi-load-balancer\/31-1\/vmware-avi-load-balancer-release-notes\/Release-Note-Section-20627.html<\/td><td>None<\/td><td>None<\/td><\/tr>\n<\/tbody>\n<\/table>\n<p>CWE-89 in the Avi Load Balancer component 
of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.<br \/>\n<br \/>\n<strong>Severity:<\/strong> 6.8 | MEDIUM<br \/>\n<br \/>\nVisit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID : CVE-2025-41233 Published : June 12, 2025, 10:15 p.m. | 45\u00a0minutes ago Description : Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https:\/\/www.broadcom.com\/support\/vmware-services\/security-response \u00a0with a maximum CVSSv3 base score of 6.8 https:\/\/www.first.org\/cvss\/calculator\/3-0#CVSS:3.0\/AV:N\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:N\/A:N . Known &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-65015","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/65015","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=65015"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/65015\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=65015"}],"wp:term":[{"taxon
omy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=65015"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=65015"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}