VMware Releases Patch for SQL Injection Vulnerability in Avi Load Balancer

Thursday, January 30, 2025

VMware has released a patch to fix CVE-2025-22217, a blind SQL injection vulnerability with a CVSS severity score of 8.6. This vulnerability allows an unauthenticated attacker with network access to send specially crafted SQL queries to the system’s database.

Avi Load Balancer, formerly known as Avi Vantage, is a Software-Defined Application Delivery Controller (ADC) designed to support multi-cloud environments, including public, private, and hybrid clouds. The vulnerability was reported by Daniel Kukuczka and Mateusz Darda, and VMware has confirmed that no temporary workaround is available.

The affected versions include Avi Load Balancer 30.1.1, 30.1.2, 30.2.1, and 30.2.2. VMware has now released a security patch to mitigate the issue and urges users to update their systems as soon as possible to prevent potential attacks.

Source: https://securityaffairs.com/173569/security/vmware-fixed-avi-load-balancer-flaw.html