certfr_avis - CERTFR-2025-AVI-0078

CERTFR-2025-AVI-0078

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été découverte dans VMware Avi Load Balancer. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
VMware	Avi Load Balancer	Avi Load Balancer versions 30.1.x antérieures à 30.1.2-2p2
VMware	Avi Load Balancer	Avi Load Balancer versions 30.2.1 antérieures à 30.2.1-2p5
VMware	Avi Load Balancer	Avi Load Balancer versions 30.2.2 antérieures à 30.2.2-2p2

References

Title

Publication Time

Tags

Bulletin de sécurité VMware 25346

2025-01-28

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Avi Load Balancer versions 30.1.x ant\u00e9rieures \u00e0 30.1.2-2p2 ",
      "product": {
        "name": "Avi Load Balancer",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Avi Load Balancer versions 30.2.1 ant\u00e9rieures \u00e0 30.2.1-2p5 ",
      "product": {
        "name": "Avi Load Balancer",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    },
    {
      "description": "Avi Load Balancer versions 30.2.2 ant\u00e9rieures \u00e0 30.2.2-2p2",
      "product": {
        "name": "Avi Load Balancer",
        "vendor": {
          "name": "VMware",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-22217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-22217"
    }
  ],
  "links": [],
  "reference": "CERTFR-2025-AVI-0078",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-01-29T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans VMware Avi Load Balancer. Elle permet \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance.",
  "title": "Vuln\u00e9rabilit\u00e9 dans VMware Avi Load Balancer",
  "vendor_advisories": [
    {
      "published_at": "2025-01-28",
      "title": "Bulletin de s\u00e9curit\u00e9 VMware 25346",
      "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346"
    }
  ]
}

CVE-2025-22217 (GCVE-0-2025-22217)

Vulnerability from cvelistv5 – Published: 2025-01-28 18:33 – Updated: 2025-01-29 15:21

Summary

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Severity ?

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE

CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Assigner

vmware

References

URL

Tags

https://support.broadcom.com/web/ecx/support-cont…

Impacted products

	Vendor	Product	Version
	N/A	VMware AVI Load Balancer	Affected: VMware AVI Load Balancer 30.1.x and VMware AVI Load Balancer 30.2.x and

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-22217",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T04:55:31.130108Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-29T15:21:32.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "VMware AVI Load Balancer",
          "vendor": "N/A",
          "versions": [
            {
              "status": "affected",
              "version": "VMware AVI Load Balancer 30.1.x and VMware AVI Load Balancer 30.2.x and"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAvi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.\u0026nbsp;\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA malicious user with network access may be able to use specially crafted SQL queries to gain database access.\u003c/span\u003e\n\n\u003c/span\u003e"
            }
          ],
          "value": "Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.\u00a0\n\nA malicious user with network access may be able to use specially crafted SQL queries to gain database access."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-28T18:33:36.486Z",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2025-22217",
    "datePublished": "2025-01-28T18:33:36.486Z",
    "dateReserved": "2025-01-02T04:29:30.444Z",
    "dateUpdated": "2025-01-29T15:21:32.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CERTFR-2025-AVI-0078

Solutions

CVE-2025-22217 (GCVE-0-2025-22217)

Tags

Sightings

Nomenclature