6 vulnerabilities found for Avi Load Balancer by VMware

CVE-2025-41233 (GCVE-0-2025-41233)

Vulnerability from cvelistv5 – Published: 2025-06-12 21:39 – Updated: 2025-06-13 14:05
Summary
Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range (https://www.broadcom.com/support/vmware-services/security-response) with a maximum CVSSv3 base score of 6.8 (https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Known Attack Vectors: An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Resolution: To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds: None.

Additional Documentation: None.

Acknowledgements: VMware would like to thank Alexandru Copaceanu (https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/) for reporting this issue to us.

Notes: None.

Response Matrix:

| Product | Version | Running On | CVE | CVSSv4 | Severity | Fixed Version | Workarounds | Additional Documents |
| VMware Avi Load Balancer | 30.1.1 | Any | CVE-2025-41233 | 6.8 | Moderate | 30.1.2-2p3 | None | None |
| VMware Avi Load Balancer | 30.1.2 | Any | CVE-2025-41233 | 6.8 | Moderate | 30.1.2-2p3 | None | None |
| VMware Avi Load Balancer | 30.2.1 | Any | CVE-2025-41233 | 6.8 | Moderate | 30.2.1-2p6 | None | None |
| VMware Avi Load Balancer | 30.2.2 | Any | CVE-2025-41233 | 6.8 | Moderate | 30.2.2-2p5 | None | None |
| VMware Avi Load Balancer | 30.2.3 | Any | CVE-2025-41233 | N/A | N/A | Unaffected | None | None |
| VMware Avi Load Balancer | 31.1.1 | Any | CVE-2025-41233 | 6.8 | Moderate | 31.1.1-2p2 | None | None |

Each 6.8 score in the matrix links to https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N. Fixed Version release notes:
  • 30.1.2-2p3: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html
  • 30.2.1-2p6: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html
  • 30.2.2-2p5: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html
  • 31.1.1-2p2: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html

CWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Impacted products
Vendor: VMware
Product: Avi Load Balancer
Versions:
  • Affected: 30.1.1 (ANY)
  • Affected: 30.1.2 (ANY)
  • Affected: 30.2.1 (ANY)
  • Affected: 30.2.2 (ANY)
  • Unaffected: 30.2.3
  • Affected: 31.1.1 (ANY)
  • Unaffected: 30.1.2-2p3 (ANY)
  • Unaffected: 30.2.1-2p6 (ANY)
  • Unaffected: 30.2.2-2p5 (ANY)
  • Unaffected: 31.1.1-2p2 (ANY)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41233",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T14:05:34.365225Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T14:05:40.989Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Avi Load Balancer",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "30.1.1",
              "versionType": "ANY"
            },
            {
              "status": "affected",
              "version": "30.1.2",
              "versionType": "ANY"
            },
            {
              "status": "affected",
              "version": "30.2.1",
              "versionType": "ANY"
            },
            {
              "status": "affected",
              "version": "30.2.2",
              "versionType": "ANY"
            },
            {
              "status": "unaffected",
              "version": "30.2.3"
            },
            {
              "status": "affected",
              "version": "31.1.1",
              "versionType": "ANY"
            },
            {
              "status": "unaffected",
              "version": "30.1.2-2p3",
              "versionType": "ANY"
            },
            {
              "status": "unaffected",
              "version": "30.2.1-2p6",
              "versionType": "ANY"
            },
            {
              "status": "unaffected",
              "version": "30.2.2-2p5",
              "versionType": "ANY"
            },
            {
              "status": "unaffected",
              "version": "31.1.1-2p2",
              "versionType": "ANY"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Description:\n\nVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the  Moderate severity range https://www.broadcom.com/support/vmware-services/security-response \u00a0with a maximum CVSSv3 base score of  6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N .\n\nKnown Attack Vectors:\n\nAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\n\nResolution:\n\nTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the \u0027Fixed Version\u0027 column of the \u0027Response Matrix\u0027 found below.\n\nWorkarounds:\n\nNone.\n\nAdditional Documentation:\n\nNone.\n\nAcknowledgements:\n\nVMware would like to thank  Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/ \u00a0for reporting this issue to us.\n\nNotes:\n\nNone.\n\n\u00a0\n\nResponse Matrix:\n\nProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone\n\nCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated blind SQL injection may allow attackers to perform unauthorized database queries, potentially leading to data exposure or modification."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-12T21:39:53.475Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25707"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41233",
    "datePublished": "2025-06-12T21:39:53.475Z",
    "dateReserved": "2025-04-16T09:29:46.972Z",
    "dateUpdated": "2025-06-13T14:05:40.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-41233 (GCVE-0-2025-41233)

Vulnerability from nvd – Published: 2025-06-12 21:39 – Updated: 2025-06-13 14:05
Summary
Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range (https://www.broadcom.com/support/vmware-services/security-response) with a maximum CVSSv3 base score of 6.8 (https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Known Attack Vectors: An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Resolution: To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds: None.

Additional Documentation: None.

Acknowledgements: VMware would like to thank Alexandru Copaceanu (https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/) for reporting this issue to us.

Notes: None.

Response Matrix:

| Product | Version | Running On | CVE | CVSSv4 | Severity | Fixed Version | Workarounds | Additional Documents |
| VMware Avi Load Balancer | 30.1.1 | Any | CVE-2025-41233 | 6.8 | Moderate | 30.1.2-2p3 | None | None |
| VMware Avi Load Balancer | 30.1.2 | Any | CVE-2025-41233 | 6.8 | Moderate | 30.1.2-2p3 | None | None |
| VMware Avi Load Balancer | 30.2.1 | Any | CVE-2025-41233 | 6.8 | Moderate | 30.2.1-2p6 | None | None |
| VMware Avi Load Balancer | 30.2.2 | Any | CVE-2025-41233 | 6.8 | Moderate | 30.2.2-2p5 | None | None |
| VMware Avi Load Balancer | 30.2.3 | Any | CVE-2025-41233 | N/A | N/A | Unaffected | None | None |
| VMware Avi Load Balancer | 31.1.1 | Any | CVE-2025-41233 | 6.8 | Moderate | 31.1.1-2p2 | None | None |

Each 6.8 score in the matrix links to https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N. Fixed Version release notes:
  • 30.1.2-2p3: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html
  • 30.2.1-2p6: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html
  • 30.2.2-2p5: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html
  • 31.1.1-2p2: https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html

CWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.
CWE
  • CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
Impacted products
Vendor: VMware
Product: Avi Load Balancer
Versions:
  • Affected: 30.1.1 (ANY)
  • Affected: 30.1.2 (ANY)
  • Affected: 30.2.1 (ANY)
  • Affected: 30.2.2 (ANY)
  • Unaffected: 30.2.3
  • Affected: 31.1.1 (ANY)
  • Unaffected: 30.1.2-2p3 (ANY)
  • Unaffected: 30.2.1-2p6 (ANY)
  • Unaffected: 30.2.2-2p5 (ANY)
  • Unaffected: 31.1.1-2p2 (ANY)

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-41233",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-13T14:05:34.365225Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-13T14:05:40.989Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Avi Load Balancer",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "30.1.1",
              "versionType": "ANY"
            },
            {
              "status": "affected",
              "version": "30.1.2",
              "versionType": "ANY"
            },
            {
              "status": "affected",
              "version": "30.2.1",
              "versionType": "ANY"
            },
            {
              "status": "affected",
              "version": "30.2.2",
              "versionType": "ANY"
            },
            {
              "status": "unaffected",
              "version": "30.2.3"
            },
            {
              "status": "affected",
              "version": "31.1.1",
              "versionType": "ANY"
            },
            {
              "status": "unaffected",
              "version": "30.1.2-2p3",
              "versionType": "ANY"
            },
            {
              "status": "unaffected",
              "version": "30.2.1-2p6",
              "versionType": "ANY"
            },
            {
              "status": "unaffected",
              "version": "30.2.2-2p5",
              "versionType": "ANY"
            },
            {
              "status": "unaffected",
              "version": "31.1.1-2p2",
              "versionType": "ANY"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Description:\n\nVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the  Moderate severity range https://www.broadcom.com/support/vmware-services/security-response \u00a0with a maximum CVSSv3 base score of  6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N .\n\nKnown Attack Vectors:\n\nAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\n\nResolution:\n\nTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the \u0027Fixed Version\u0027 column of the \u0027Response Matrix\u0027 found below.\n\nWorkarounds:\n\nNone.\n\nAdditional Documentation:\n\nNone.\n\nAcknowledgements:\n\nVMware would like to thank  Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/ \u00a0for reporting this issue to us.\n\nNotes:\n\nNone.\n\n\u00a0\n\nResponse Matrix:\n\nProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone\n\nCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated blind SQL injection may allow attackers to perform unauthorized database queries, potentially leading to data exposure or modification."
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-06-12T21:39:53.475Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25707"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-41233",
    "datePublished": "2025-06-12T21:39:53.475Z",
    "dateReserved": "2025-04-16T09:29:46.972Z",
    "dateUpdated": "2025-06-13T14:05:40.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTFR-2025-AVI-0443

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability has been discovered in VMware Avi Load Balancer. It allows an attacker to perform an SQL injection (SQLi).

Solutions

Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
VMware Avi Load Balancer Avi Load Balancer versions 30.2.2 prior to 30.2.2-2p5
VMware Avi Load Balancer Avi Load Balancer versions 31.x prior to 31.1.1-2p2
VMware Avi Load Balancer Avi Load Balancer versions 30.1.x prior to 30.1.2-2p3
VMware Avi Load Balancer Avi Load Balancer versions 30.2.1 prior to 30.2.1-2p6
References
VMware security advisory 25707 2025-05-22 vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Avi Load Balancer versions 30.2.2 ant\u00e9rieures \u00e0 30.2.2-2p5",
      "product": {
        "name": "Avi Load Balancer",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Avi Load Balancer versions 31.x ant\u00e9rieures \u00e0 31.1.1-2p2",
      "product": {
        "name": "Avi Load Balancer",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Avi Load Balancer versions 30.1.x ant\u00e9rieures \u00e0 30.1.2-2p3",
      "product": {
        "name": "Avi Load Balancer",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Avi Load Balancer versions 30.2.1 ant\u00e9rieures \u00e0 30.2.1-2p6",
      "product": {
        "name": "Avi Load Balancer",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-41233",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-41233"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0443",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-05-23T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection SQL (SQLi)"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Avi Load Balancer. Elle permet \u00e0 un attaquant de provoquer une injection SQL (SQLi).",
  "title": "Vuln\u00e9rabilit\u00e9 dans VMware Avi Load Balancer",
  "vendor_advisories": [
    {
      "published_at": "2025-05-22",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 25707",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25707"
    }
  ]
}

CERTFR-2025-AVI-0078

Vulnerability from certfr_avis - Published: - Updated:

A vulnerability has been discovered in VMware Avi Load Balancer. It allows an attacker to achieve remote arbitrary code execution.

Solutions

Refer to the vendor's security advisory to obtain the patches (see the Documentation section).

Impacted products
Vendor Product Description
VMware Avi Load Balancer Avi Load Balancer versions 30.1.x prior to 30.1.2-2p2
VMware Avi Load Balancer Avi Load Balancer versions 30.2.1 prior to 30.2.1-2p5
VMware Avi Load Balancer Avi Load Balancer versions 30.2.2 prior to 30.2.2-2p2
References
VMware security advisory 25346 2025-01-28 vendor-advisory


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Avi Load Balancer versions 30.1.x ant\u00e9rieures \u00e0 30.1.2-2p2 ",
      "product": {
        "name": "Avi Load Balancer",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Avi Load Balancer versions 30.2.1 ant\u00e9rieures \u00e0 30.2.1-2p5 ",
      "product": {
        "name": "Avi Load Balancer",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Avi Load Balancer versions 30.2.2 ant\u00e9rieures \u00e0 30.2.2-2p2",
      "product": {
        "name": "Avi Load Balancer",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-22217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22217"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0078",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Avi Load Balancer. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
  "title": "Vuln\u00e9rabilit\u00e9 dans VMware Avi Load Balancer",
  "vendor_advisories": [
    {
      "published_at": "2025-01-28",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 25346",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346"
    }
  ]
}