Broadcom has warned of a security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain access to the database.
The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.
"A malicious user with network access may be able to use specially crafted SQL queries to gain database access," the company noted in an advisory issued on Tuesday.
Security researchers Daniel Kukucha and Mateusz Darda have been credited with discovering and reporting the vulnerability.
The flaw affects the following software versions:
- VMware Avi Load Balancer 30.1.1 (fixed in 30.1.2p2)
- VMware Avi Load Balancer 30.1.2 (fixed in 30.1.2p2)
- VMware Avi Load Balancer 30.2.1 (fixed in 30.2.1-2p5)
- VMware Avi Load Balancer 30.2.2 (fixed in 30.2.2p2)
Broadcom further noted that versions 22.x and 21.x are not susceptible to CVE-2025-22217, and that users running version 30.1.1 must first upgrade to 30.1.2 or later before applying the patch.
There are no workarounds that address the flaw, so customers need to update their instances to the latest version for optimal protection.