← back
CVE-2025-22217

CVE-2025-22217

CVSS 8.6 HIGHEPSS 0.6%CWE-89
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 8.6EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
28 Jan 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products.  A malicious user with network access may be able to use specially crafted SQL queries to gain database access.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N