CVE-2025-22217
CVE-2025-22217
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Lifecycle
28 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.
A malicious user with network access may be able to use specially crafted SQL queries to gain database access.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Affected products
N/A · VMware AVI Load Balancer