VMware Avi Load Balancer Security Update Advisory (CVE-2025-22217)

Overview

We have released a security update to address a vulnerability in VMware Avi Load Balancer. Users of affected products are advised to update to the latest version.
 

 

Affected Products

 

CVE-2025-22217

VMware Avi Load Balancer Version: 30.1.1
VMware Avi Load Balancer Version: 30.1.2
VMware Avi Load Balancer Version: 30.2.1
VMware Avi Load Balancer Version: 30.2.2

 

Resolved Vulnerabilities

Blind SQL Injection Vulnerability (CVE-2025-22217)

 

 

Vulnerability Patches

Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
 

CVE-2025-22217

VMware Avi Load Balancer Version: 30.1.2-2p2
VMware Avi Load Balancer Version: 30.2.1-2p5
VMware Avi Load Balancer Version: 30.2.2-2p2

 

 

References

[1] VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346