CVE-2025-22217

CVSS 3.1 Score 8.6 of 10 (high)

Details

Published Jan 28, 2025

CWE ID 89

Summary

CVE-2025-22217 is a newly disclosed vulnerability affecting Avi Load Balancer. This unauthenticated SQL Injection flaw, reported privately to VMware, allows malicious users with network access to execute SQL queries and potentially gain database access, posing a significant security risk. VMware has released patches to mitigate this vulnerability in the affected VMware products. Organizations using these products are advised to apply the patch promptly to prevent potential exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Avi Load Balancer

Affected Vendors

Aviat Networks, Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2GwSfZ
https://www.cve.org/CVERecord?id=CVE-2025-22217
https://nvd.nist.gov/vuln/detail/CVE-2025-22217

Back to Vulnerability Database