WARNING: HIGH UNAUTHENTICATED BLIND SQL INJECTION VULNERABILITY IN VMWARE AVI LOAD BALANCER, PATCH IMMEDIATELY!

Image
Decorative image
Published : 29/01/2025

Reference:
Advisory #2025-22

Version:
1.0

Affected software:
VMware Avi Load Balancer 30.1.1, 30.1.2, 30.2.1, 30.2.2

Type:
Unauthenticated blind SQL Injection vulnerability

CVE/CVSS:
CVE-2025-22217: CVSS 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)

Sources

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346?utm_campaign=VCF_FY25_VCF_Security-Alert-VMSA-2025-0002_MKT_CM_2904&utm_content=VCF_FY25_VCF_Security-Alert_2904_VMSA-2025-0002_MKT_TRANS_EM_4983&utm_medium=email&utm_source=eloqua

Risks

CVE-2025-22217 could allow attackers to gain database access through an unauthenticated blind SQL injection vulnerability. The attack can be executed remotely and does not need user interaction or authentication. This vulnerability could lead to the exposure or theft of sensitive data stored in the database. With a CVSS score of 8.6, the impact is high on confidentiality, integrity and availability.

Description

A vulnerability involving unauthenticated blind SQL injection has been identified in the VMware Avi Load Balancer. An attacker with network access can send specially crafted SQL queries to gain unauthorized access to the database. VMware has privately disclosed this issue and released patches to mitigate the risk. While no public proof-of-concept or confirmed exploitation has been reported, organizations are strongly advised to apply the security updates as soon as possible.

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

  • Affected version 30.1.1: patch to 30.1.2-2p2
  • Affected version 30.1.2: patch to 30.1.2-2p2
  • Affected version 30.2.1: patch to 30.2.1-2p2
  • Affected version 30.2.2: patch to 30.2.2-2p2

Monitor/Detect

The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion. In case of an intrusion, you can report an incident via https://ccb.belgium.be/nl/cert/een-incident-melden. While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://cybersecuritynews.com/vmware-avi-load-balancer-vulnerability/