• mehdi@mkvlab.at
May 26, 2025

VMSA-2025-0011 – VMware Avi Load Balancer – SQL Injection Vulnerability

VMware by Broadcom addresses VMware Avi Load Balancer an authenticated blind SQL Injection vulnerability CVE-2025-41233. Avi Load Balancer contains an authenticated blind SQL Injection vulnerability, which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Impacted Products

  • VMware Avi Load Balancer
CVE-2025-41233 | VMware Avi Load Balancer Blind SQL Injection vulnerability

Description:
VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.8.

Resolution:
To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Response Matrix:

ProductVersionCVESeverityFixed VersionWorkarounds
VMware Avi Load Balancer30.1.1CVE-2025-41233Moderate30.1.2-2p3None
VMware Avi Load Balancer30.1.2CVE-2025-41233Moderate30.1.2-2p3None
VMware Avi Load Balancer30.2.1CVE-2025-41233Moderate30.2.1-2p6None
VMware Avi Load Balancer30.2.2CVE-2025-41233Moderate30.2.2-2p5None
VMware Avi Load Balancer30.2.3CVE-2025-41233Moderate30.2.3None
VMware Avi Load Balancer31.1.1CVE-2025-41233Moderate31.1.1-2p2None
Response Matrix – CVE-2025-41233

Sources:
Broadcom Blog Post

Fixed Version(s) and Release Notes:
30.1.1/30.1.2
30.2.1
30.2.2
30.2.3
31.1.1

Mehdi
0
Tags :

Leave a Reply

Your email address will not be published. Required fields are marked *

Categories

vExpert Badge

Consulting

I am available for remote consulting and support.

Click here for Resume Download

Archives

Recent Posts