CVE-2025-22217

HIGH

VMware AVI Load Balancer 30.1.x-30.2.x - Unauthenticated Blind SQL Injection

Title source: llm

Description

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Scores

CVSS v3 8.6
EPSS 0.0063
EPSS Percentile 45.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
N/A/VMware AVI Load Balancer VMware AVI Load Balancer 30.1.x and VMware AVI Load Balancer 30.2.x and
Published Jan 28, 2025
Tracked Since Feb 18, 2026