Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                             CERT-Renater

                  Note d'Information No. 2025/VULN055

_____________________________________________________________________

DATE                : 29/01/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Avi Load Balancer versions
                      prior to 30.1.2-2p2, 30.2.1-2p5, 30.2.2-2p2.

=====================================================================
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346
_____________________________________________________________________

VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated
blind SQL Injection vulnerability (CVE-2025-22217)

Product/Component

VMware Avi Load Balancer

Notification Id
25346

Last Updated
28 January 2025

Initial Publication Date
28 January 2025

Status
OPEN

Severity
HIGH

CVSS Base Score
8.6

WorkAround

Affected CVE
CVE-2025-22217

Advisory ID:
VMSA-2024-0002

Severity:
Important

CVSSv3 Range:
8.6

Synopsis:

VMware Avi Load Balancer addresses an unauthenticated blind SQL
Injection vulnerability (CVE-2025-22217)

Issue date:
2025-01-28

Updated on:
2025-01-28 (Initial Advisory)

CVE(s)
CVE-2025-22217
 
1. Impacted Products

    VMware Avi Load Balancer

2. Introduction

Avi Load Balancer contains an unauthenticated blind SQL Injection
vulnerability which was privately reported to VMware. Patches
are available to remediate this vulnerability in affected VMware
products.

3. VMware Avi Load Balancer Blind SQL Injection vulnerability
(CVE-2025-22217)

Description:

VMware AVI Load Balancer contains an unauthenticated blind SQL
Injection vulnerability. VMware has evaluated the severity of
the issue to be in the Important severity range with a maximum
CVSSv3 base score of 8.6.

Known Attack Vectors:

A malicious user with network access may be able to use
specially crafted SQL queries to gain database access.

Resolution:

To remediate CVE-2025-22217 apply the patches to the Avi
Controller listed in the 'Fixed Version' column of the
'Response Matrix' found below.


Workarounds:
None.

Additional Documentation:
None.

Acknowledgements:
VMware would like to thank Daniel Kukuczka and Mateusz Darda
for reporting this issue to us.

Notes:
None.
 

Response Matrix:

Product         Version         Running On         CVE         CVSSv3
Severity         Fixed Version         Workarounds         Additional Documents

VMware Avi Load Balancer         30.1.1         Any         CVE-2025-22217
8.6         Important   30.1.2-2p2     None         None

VMware Avi Load Balancer         30.1.2         Any         CVE-2025-22217         8.6
Important         30.1.2-2p2          None         None

VMware Avi Load Balancer         30.2.1         Any         CVE-2025-22217         8.6
Important         30.2.1-2p5          None         None

VMware Avi Load Balancer         30.2.2         Any         CVE-2025-22217         8.6
Important         30.2.2-2p2          None         None


4. References:

Fixed Version(s) and Release Notes:

30.1.1/30.1.2

https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html

30.2.1

https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html

30.2.2

https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html

Additional Documentation:

Version 22.x and 21.x are not vulnerable.
Version 30.1.1 must be upgraded to 30.1.2 or later before the
patch can be applied.

Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22217

FIRST CVSSv3 Calculator:

https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N


5. Change Log:

2025-01-28: VMSA-2025-0002
Initial security advisory.


6. Contact:

E-mail: [email protected]

PGP key

https://knowledge.broadcom.com/external/article/321551

VMware Security Advisories

https://www.broadcom.com/support/vmware-security-advisories

VMware External Vulnerability Response and Remediation Policy
https://www.broadcom.com/support/vmware-services/security-response

VMware Lifecycle Support Phases

https://support.broadcom.com/group/ecx/productlifecycle

VMware Security Blog

https://blogs.vmware.com/security

X
https://x.com/VMwareSRC

Copyright 2025 Broadcom All rights reserved.

        
=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================