PT-2025-1305 · Avi · Avi Load Balancer

Daniel Kukuczka +1 · Published 2025-01-28 · Updated 2025-02-05 · CVE-2025-22217

CVSS v3.1: 8.6 High
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Avi Load Balancer versions 30.1.1 through 30.2.2

Description

The Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability. A malicious user with network access may be able to use specially crafted SQL queries to gain database access. This issue can lead to unauthorized access to databases, potentially resulting in data breaches.

Recommendations

For Avi Load Balancer versions 30.1.1 through 30.2.2, update to a patched version to prevent database compromise. As a temporary workaround, consider restricting access to the database until a patch is available.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

BDU:2025-00899
CVE-2025-22217

Affected Products

Avi Load Balancer