Full Report
Broadcom has warned of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. "A malicious user with network access may be able to use specially crafted SQL queries to gain database
Analysis Summary
# Vulnerability: SQL Injection in VMware Avi Load Balancer
## CVE Details
- CVE ID: CVE-2025-22217
- CVSS Score: 8.6 (High)
- CWE: Not specified in article
## Affected Systems
- Products: VMware Avi Load Balancer
- Versions:
  - 30.1.1 (must be upgraded to 30.1.2 or later before a patch can be applied)
  - 30.1.2
  - 30.2.1
  - 30.2.2
- Configurations: Any instance reachable over the network; an attacker with network access can send the crafted SQL queries. Versions 22.x and 21.x are noted as **not** susceptible.
## Vulnerability Description
The vulnerability is an unauthenticated **blind SQL injection**. A malicious user who has network access to the system can exploit this flaw by sending specially crafted SQL queries to gain unauthorized access to the underlying database.
## Exploitation
- Status: The report does not state that the flaw is being exploited in the wild, but the high severity suggests a high potential for exploitation.
- Complexity: Implied to be **Low**: the vulnerability is unauthenticated and the description suggests straightforward exploitation via crafted queries.
- Attack Vector: Network
## Impact
- Confidentiality: Likely High (Database access can lead to information disclosure)
- Integrity: Likely High (Database manipulation possible)
- Availability: Likely Medium to High (Depending on the nature of database access achieved)
## Remediation
### Patches
- **For v30.1.1:** Must first upgrade to version 30.1.2 or later, and then apply the specific patch for that base version.
- **For v30.1.2:** Fixed in version **30.1.2-2p2**
- **For v30.2.1:** Fixed in version **30.2.1-2p5**
- **For v30.2.2:** Fixed in version **30.2.2-2p2**
### Workarounds
- No workarounds are available; updating to the patched versions is required for protection.
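As an added example, not part of this report or of the vendor advisory, the following Python check maps an installed Avi Load Balancer version string to the remediation status listed above. The version format (`MAJOR.MINOR.PATCH` with an optional `-NpM` build suffix) is inferred from the fixed-version strings in this report; the check assumes that the suffix orders numerically by `(N, M)` and that a build with no suffix predates every patched build of its base version.

```python
import re
from typing import Tuple

# Fixed builds per base version, taken from the remediation list above.
# Key: (major, minor, patch); value: minimum (N, M) from the "-NpM" suffix.
FIXED_BUILDS = {
    (30, 1, 2): (2, 2),  # 30.1.2-2p2
    (30, 2, 1): (2, 5),  # 30.2.1-2p5
    (30, 2, 2): (2, 2),  # 30.2.2-2p2
}

# Assumption: version strings look like "30.1.2" or "30.1.2-2p2".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+)p(\d+))?$")


def parse_version(version: str) -> Tuple[Tuple[int, int, int], Tuple[int, int]]:
    """Split "30.2.1-2p5" into base (30, 2, 1) and build (2, 5).

    A missing suffix is treated as build (0, 0), i.e. older than any
    patched build (an assumption, see lead-in).
    """
    match = _VERSION_RE.match(version.strip())
    if not match:
        raise ValueError(f"unrecognised Avi version string: {version!r}")
    base = tuple(int(x) for x in match.group(1, 2, 3))
    if match.group(4) is None:
        build = (0, 0)
    else:
        build = (int(match.group(4)), int(match.group(5)))
    return base, build  # type: ignore[return-value]


def assess_cve_2025_22217(version: str) -> Tuple[str, str]:
    """Return (status, advice) for CVE-2025-22217.

    status is one of: "not_affected", "vulnerable", "patched", "unknown".
    """
    base, build = parse_version(version)
    major = base[0]

    # The report notes 21.x and 22.x as not susceptible.
    if major in (21, 22):
        return "not_affected", "Version line not listed as affected."

    # 30.1.1 has no direct fix; it must move to 30.1.2 or later first.
    if base == (30, 1, 1):
        return "vulnerable", "Upgrade to 30.1.2 or later, then apply that version's patch."

    if base in FIXED_BUILDS:
        required = FIXED_BUILDS[base]
        if build >= required:
            return "patched", "Running a fixed build."
        fixed_str = f"{base[0]}.{base[1]}.{base[2]}-{required[0]}p{required[1]}"
        return "vulnerable", f"Apply the fixed build {fixed_str}."

    return "unknown", "Version not covered by the advisory summary; consult the vendor advisory."


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for host, ver in [("lb-a", "30.1.1"), ("lb-b", "30.2.1-2p4"),
                      ("lb-c", "30.2.1-2p5"), ("lb-d", "22.1.3")]:
        status, advice = assess_cve_2025_22217(ver)
        print(f"{host:6} {ver:14} {status:13} {advice}")
```

The status value is meant to feed an inventory or ticketing workflow; the advice string is for the operator reading the output. Any version line outside those named in the report deliberately comes back as `unknown` rather than being guessed at.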
## Detection
- Detection information (IOCs or specific signatures) was not detailed in the summary provided. General detection would involve monitoring traffic to the Avi Load Balancer management interfaces for requests carrying unusual or malformed SQL fragments.
## References
- Vendor Advisory: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346 (defanged: hXXps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346)
- Researcher Acknowledgment: Daniel Kukuczka and Mateusz Darda