
Protect Your Systems: VMware Avi Load Balancer Hit by High-Risk SQL Injection Flaw


Introduction

Cybersecurity is a top priority for businesses worldwide, and vulnerabilities in critical software can have dire consequences. A recently disclosed high-severity flaw in VMware Avi Load Balancer has raised alarms for IT teams and security professionals. The vulnerability, tracked as CVE-2025-22217, could allow an attacker to read or modify data in the appliance's backing database without authenticating, posing a significant risk to organizations that rely on VMware's load-balancing technology.

In this blog, we will delve into the details of this vulnerability, the affected versions of VMware Avi Load Balancer, and the steps you should take to secure your systems.

What is CVE-2025-22217?

The flaw is an unauthenticated blind SQL injection vulnerability with a CVSS v3 base score of 8.6, which places it in the High severity band. An attacker with network access to the affected component can inject SQL into a query that the appliance runs against its database, and use the resulting queries to retrieve or manipulate data held there without first authenticating.

Because the injection is unauthenticated, an attacker does not need valid credentials to exploit it, which is what makes it so dangerous. What the attacker gains is the ability to run queries with whatever database privileges the vulnerable application code holds; depending on those privileges, that can mean reading sensitive records, altering data, and disrupting the service that depends on it.

Affected Versions of VMware Avi Load Balancer

This vulnerability affects the following versions of VMware Avi Load Balancer:

  • VMware Avi Load Balancer 30.1.1 (Fixed in 30.1.2-2p2)
  • VMware Avi Load Balancer 30.1.2 (Fixed in 30.1.2-2p2)
  • VMware Avi Load Balancer 30.2.1 (Fixed in 30.2.1-2p5)
  • VMware Avi Load Balancer 30.2.2 (Fixed in 30.2.2-2p2)

Broadcom, which owns VMware, confirmed that versions 22.x and 21.x are not affected, so deployments on those release trains do not need this fix.

How Does the Vulnerability Work?

The vulnerability allows an attacker to submit input that the load balancer incorporates into an SQL query without proper validation or parameterisation. In a blind SQL injection attack, the attacker never sees query output or error text directly. Instead, the injected SQL is written as a true-or-false condition (or one that delays the response), and the attacker infers the answer from how the application responds, recovering data one bit or one character at a time. The technique produces no obvious error messages, but it is not silent: extracting even a short value takes hundreds of near-identical requests from the same source, which is exactly the pattern to look for in access logs and WAF telemetry.

An attacker who successfully exploits this flaw could gain database access and potentially manipulate or leak sensitive information, compromise system integrity, or escalate privileges, making it a serious threat to any organization using affected versions of VMware Avi Load Balancer.
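The following is an added illustration of the boolean-based blind injection mechanism described above, written for this post and not taken from the Avi Load Balancer code base; the table, column names, query shape and the value being extracted are invented for the demo. It pairs a string-built query with its parameterised counterpart and shows that the same payloads recover the secret from the first and nothing from the second. A SQLite in-memory database stands in for the real backend.

```python
"""Boolean-based blind SQL injection, demonstrated on a throwaway SQLite DB.

Added example for this post. Nothing here is Avi Load Balancer code: the
'users' table, its columns and the query are constructed for illustration.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data. 'api_token' is the secret the attacker wants."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, api_token TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'tok_9f2a')")
    conn.execute("INSERT INTO users VALUES ('guest', 'tok_0000')")
    return conn


def vulnerable_user_exists(conn: sqlite3.Connection, name: str) -> bool:
    """String-built query: attacker text becomes part of the SQL itself.
    The caller only learns True/False, which is all a blind oracle needs."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchone() is not None


def hardened_user_exists(conn: sqlite3.Connection, name: str) -> bool:
    """Parameterised query: the driver binds the value, so quotes and SQL
    keywords inside `name` are treated as data, never as code."""
    sql = "SELECT 1 FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchone() is not None


# Character set the extraction loop tries, in this order (37 symbols).
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789_"


def blind_extract(oracle, max_len: int = 16) -> tuple[str, int]:
    """Recover admin's api_token one character at a time using only the
    yes/no answer from `oracle`. Returns (recovered_value, requests_sent).
    Stops at the first position where no candidate character matches."""
    recovered = ""
    requests = 0
    for pos in range(1, max_len + 1):
        found = None
        for ch in ALPHABET:
            # Close the original quote, OR in a condition that is true only
            # when the guessed character is right, then comment out the
            # trailing quote. No row data is returned; only the match result.
            payload = (
                "x' OR (SELECT substr(api_token,%d,1) FROM users "
                "WHERE name='admin')='%s' -- " % (pos, ch)
            )
            requests += 1
            if oracle(payload):
                found = ch
                break
        if found is None:  # ran past the end of the value
            break
        recovered += found
    return recovered, requests


if __name__ == "__main__":
    db = make_db()
    leaked, n = blind_extract(lambda p: vulnerable_user_exists(db, p))
    print(f"string-built query leaked {leaked!r} after {n} requests")
    safe, m = blind_extract(lambda p: hardened_user_exists(db, p))
    print(f"parameterised query leaked {safe!r} after {m} requests")
```

Two things stand out when running it. The eight-character token costs 192 oracle queries with this alphabet, which is why a burst of requests that differ only in a quoted fragment is a strong detection signal even when the application never errors. And the hardened function returns False for every payload, because the bound parameter is compared literally against the name column rather than being parsed as SQL.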

What Are the Fixes?

To mitigate the risks posed by CVE-2025-22217, Broadcom has released patched builds for each affected release. A system is fixed once it is running at or above the following levels:

  • 30.1.2-2p2 or later (for 30.1.1 and 30.1.2)
  • 30.2.1-2p5 or later (for 30.2.1)
  • 30.2.2-2p2 or later (for 30.2.2)

Note that 30.1.2 on its own is still vulnerable; the fix is in the 2p2 patch for that release. Broadcom therefore recommends that customers on 30.1.1 first upgrade to 30.1.2 and then apply the 30.1.2-2p2 patch.
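As an added helper for the affected-version and fix lists above (written for this post, not a Broadcom tool), the function below classifies an Avi Load Balancer version string against those lists. It assumes the version format used in the advisory, MAJOR.MINOR.PATCH with an optional -BUILDpN patch suffix, and treats any higher patch level on the same base release as containing the fix; versions the advisory does not list are reported as such rather than guessed at.

```python
"""Classify an Avi Load Balancer version against the CVE-2025-22217 fix list.

Added example for this post. Assumes the 'MAJOR.MINOR.PATCH[-BUILDpN]' format
seen in the advisory (e.g. '30.2.1-2p5'); a bare 'MAJOR.MINOR.PATCH' is
treated as patch level 0, i.e. unpatched.
"""
import re

# Base release -> minimum (build, p) level that contains the fix, per advisory.
FIXED_LEVELS = {
    (30, 1, 2): (2, 2),  # 30.1.2-2p2; 30.1.1 must first move to 30.1.2
    (30, 2, 1): (2, 5),  # 30.2.1-2p5
    (30, 2, 2): (2, 2),  # 30.2.2-2p2
}
NOT_AFFECTED_TRAINS = {21, 22}  # 21.x and 22.x are not affected

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-(\d+)p(\d+))?$")


def parse_version(version: str):
    """Return ((major, minor, patch), (build, p)); raise on unknown formats."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Avi version string: {version!r}")
    major, minor, patch, build, p = m.groups()
    base = (int(major), int(minor), int(patch))
    level = (int(build), int(p)) if build is not None else (0, 0)
    return base, level


def assess(version: str) -> str:
    """Map a version string to one of: not affected, fixed, vulnerable
    (with the required patch), or not listed in the advisory."""
    base, level = parse_version(version)
    if base[0] in NOT_AFFECTED_TRAINS:
        return "not affected"
    if base == (30, 1, 1):
        return "vulnerable: upgrade to 30.1.2, then apply 30.1.2-2p2"
    if base in FIXED_LEVELS:
        fixed = FIXED_LEVELS[base]
        if level >= fixed:  # tuple comparison: build first, then p
            return "fixed"
        return "vulnerable: apply %d.%d.%d-%dp%d" % (*base, *fixed)
    return "not listed in the advisory: check Broadcom's current guidance"


if __name__ == "__main__":
    for v in ("30.1.1", "30.1.2", "30.1.2-2p2", "30.2.1-2p4",
              "30.2.1-2p5", "30.2.2-2p2", "22.1.5-2p7", "30.2.3"):
        print(f"{v:>12}: {assess(v)}")
```

The version string comes from the Controller UI or API ("Administration > Controller" or the system version endpoint), and the 30.1.1 case is deliberately separate so that the two-step upgrade path is reported rather than a single patch name.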

No Workarounds Available

Broadcom has published no workaround for the vulnerability, so upgrading to a patched build is the only way to remove it. Since exploitation requires network access to the affected component, limiting which networks can reach it reduces exposure in the meantime, but that is a compensating control, not a fix, and patching should not be delayed on its account.

Conclusion

The discovery of CVE-2025-22217 serves as a reminder of the ongoing need for vigilance in cybersecurity. Even widely used technologies like VMware’s Avi Load Balancer can harbour critical vulnerabilities that, if exploited, can have serious consequences for organizations and their data.

Security professionals and IT teams should prioritize applying patches and updates promptly. Given the severity of this flaw, there is no time to waste in securing systems against potential attacks. Organizations can significantly reduce their exposure to this and similar vulnerabilities by staying informed and acting quickly.

Patch Dangerous Vulns Instantly with SanerNow

SecPod SanerNow is the Patch Management tool you need to detect and patch dangerous risks and remediate your attack surface. SanerNow automatically scans for risks, downloads and deploys patches accordingly. Further, SanerNow supports all major OSs and 550+ third-party applications.

Schedule a demo and keep your systems updated and secure with SanerNow.