Warning Issued Over Critical Vulnerability in VMware Avi Load Balancer
Broadcom has announced a significant security vulnerability in VMware’s Avi Load Balancer, classified as high severity, which could potentially be exploited by malicious actors to gain unauthorized access to sensitive database information. The vulnerability is labeled CVE-2025-22217, with a CVSS score of 8.6, indicating a serious threat level that requires immediate attention.
This security flaw has been identified as an unauthenticated blind SQL injection, which allows an attacker with network access to execute specially crafted SQL queries. Such exploitation could lead to deep penetration into database systems, which poses serious risks for affected organizations. The company’s advisory, released this past Tuesday, emphasizes that the nature of this vulnerability could enable cybercriminals to manipulate data and gain control over databases without authentication.
Security researchers Daniel Kukuczka and Mateusz Darda have been credited for uncovering and reporting this critical issue. Their findings underscore the need for organization-wide vigilance in monitoring and understanding cybersecurity threats.
The specific versions affected by this vulnerability include VMware Avi Load Balancer 30.1.1 and 30.1.2, as well as versions 30.2.1 and 30.2.2. Each of these iterations has known patches, which appear in subsequent releases, making it imperative for users to upgrade to either 30.1.2-2p2 or 30.2.1-2p5 depending on their current software version. Notably, Broadcom has confirmed that versions 22.x and 21.x are not impacted by CVE-2025-22217, offering some reassurance to users on those versions.
Given the severity of this vulnerability, business owners must take immediate action to secure their systems, as there are no viable workarounds to mitigate the risk. It is crucial for organizations to update their instances to the latest versions to protect against potential exploitation.
In the context of the MITRE ATT&CK framework, this vulnerability could be linked to various adversary tactics and techniques. The initial access may be achieved through exploitation of this SQL injection, while persistence could be established by attackers gaining unauthorized database access, allowing for further exploitation or lateral movement within the network.
As threats in the cybersecurity landscape evolve, it is essential for organizations to remain vigilant and proactive in managing vulnerabilities within their systems. Staying informed about the latest security advisories and implementing timely updates will serve as critical defenses against potential cyber attacks that target database integrity and access.
