CVE-2025-41233 (GCVE-0-2025-41233)
Vulnerability from cvelistv5
Published: 2025-06-12 21:39
Modified: 2025-06-13 14:05
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
Description:
VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range (https://www.broadcom.com/support/vmware-services/security-response) with a maximum CVSSv3 base score of 6.8 (https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
Known Attack Vectors:
An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.
Resolution:
To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds:
None.
Additional Documentation:
None.
Acknowledgements:
VMware would like to thank Alexandru Copaceanu (https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/) for reporting this issue to us.
Notes:
None.
Response Matrix:
Product | Version | Running On | CVE | CVSSv4 | Severity | Fixed Version | Workarounds | Additional Documents
---|---|---|---|---|---|---|---|---
VMware Avi Load Balancer | 30.1.1 | Any | CVE-2025-41233 | 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | Moderate | 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html | None | None
VMware Avi Load Balancer | 30.1.2 | Any | CVE-2025-41233 | 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | Moderate | 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html | None | None
VMware Avi Load Balancer | 30.2.1 | Any | CVE-2025-41233 | 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | Moderate | 30.2.1-2p6 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html | None | None
VMware Avi Load Balancer | 30.2.2 | Any | CVE-2025-41233 | 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | Moderate | 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html | None | None
VMware Avi Load Balancer | 30.2.3 | Any | CVE-2025-41233 | N/A | N/A | Unaffected | None | None
VMware Avi Load Balancer | 31.1.1 | Any | CVE-2025-41233 | 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N | Moderate | 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html | None | None

CWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.
References
Impacted products
Vendor | Product | Version
---|---|---
VMware | Avi Load Balancer | 30.1.1, 30.1.2, 30.2.1, 30.2.2, 31.1.1
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-41233", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-06-13T14:05:34.365225Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-13T14:05:40.989Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Avi Load Balancer", "vendor": "VMware", "versions": [ { "status": "affected", "version": "30.1.1", "versionType": "ANY" }, { "status": "affected", "version": "30.1.2", "versionType": "ANY" }, { "status": "affected", "version": "30.2.1", "versionType": "ANY" }, { "status": "affected", "version": "30.2.2", "versionType": "ANY" }, { "status": "unaffected", "version": "30.2.3" }, { "status": "affected", "version": "31.1.1", "versionType": "ANY" }, { "status": "unaffected", "version": "30.1.2-2p3", "versionType": "ANY" }, { "status": "unaffected", "version": "30.2.1-2p6", "versionType": "ANY" }, { "status": "unaffected", "version": "30.2.2-2p5", "versionType": "ANY" }, { "status": "unaffected", "version": "31.1.1-2p2", "versionType": "ANY" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. 
VMware has evaluated the severity of the issue to be in the \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.broadcom.com/support/vmware-services/security-response\"\u003eModerate severity range\u003c/a\u003e\u0026nbsp;with a maximum CVSSv3 base score of \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\"\u003e6.8\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eKnown Attack Vectors:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eResolution:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the \u0027Fixed Version\u0027 column of the \u0027Response Matrix\u0027 found below.\u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eWorkarounds:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eNone.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAdditional Documentation:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eNone.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAcknowledgements:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eVMware would like to thank \u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/\"\u003eAlexandru Copaceanu\u003c/a\u003e\u0026nbsp;for reporting this issue to us.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eNone.\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eResponse Matrix:\u003c/strong\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRunning 
On\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCVE\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCVSSv4\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eSeverity\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed Version\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eWorkarounds\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAdditional Documents\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load Balancer\u003c/td\u003e\u003ctd\u003e30.1.1\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\"\u003e6.8\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html\"\u003e30.1.2-2p3\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load Balancer\u003c/td\u003e\u003ctd\u003e30.1.2\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\"\u003e6.8\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" 
href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html\"\u003e30.1.2-2p3\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load Balancer\u003c/td\u003e\u003ctd\u003e30.2.1\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\"\u003e6.8\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html\"\u003e30.2.1-2p6\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load Balancer\u003c/td\u003e\u003ctd\u003e30.2.2\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\"\u003e6.8\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html\"\u003e30.2.2-2p5\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load 
Balancer\u003c/td\u003e\u003ctd\u003e30.2.3\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003eN/A\u003c/td\u003e\u003ctd\u003eN/A\u003c/td\u003e\u003ctd\u003eUnaffected\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load Balancer\u003c/td\u003e\u003ctd\u003e31.1.1\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\"\u003e6.8\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003e\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html\"\u003e31.1.1-2p2\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cbr\u003eCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access." } ], "value": "Description:\n\nVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. 
VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response \u00a0with a maximum CVSSv3 base score of 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N .\n\nKnown Attack Vectors:\n\nAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\n\nResolution:\n\nTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the \u0027Fixed Version\u0027 column of the \u0027Response Matrix\u0027 found below.\n\nWorkarounds:\n\nNone.\n\nAdditional Documentation:\n\nNone.\n\nAcknowledgements:\n\nVMware would like to thank Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/ \u00a0for reporting this issue to us.\n\nNotes:\n\nNone.\n\n\u00a0\n\nResponse Matrix:\n\nProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone\n\nCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access." } ], "impacts": [ { "descriptions": [ { "lang": "en", "value": "Authenticated blind SQL injection may allow attackers to perform unauthorized database queries, potentially leading to data exposure or modification." 
} ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-12T21:39:53.475Z", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware" }, "references": [ { "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25707" } ], "source": { "discovery": "UNKNOWN" }, "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2025-41233", "datePublished": "2025-06-12T21:39:53.475Z", "dateReserved": "2025-04-16T09:29:46.972Z", "dateUpdated": "2025-06-13T14:05:40.989Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2025-41233\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2025-06-12T22:15:20.560\",\"lastModified\":\"2025-06-16T12:32:18.840\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Description:\\n\\nVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. 
VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response \u00a0with a maximum CVSSv3 base score of 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N .\\n\\nKnown Attack Vectors:\\n\\nAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\\n\\nResolution:\\n\\nTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the \u0027Fixed Version\u0027 column of the \u0027Response Matrix\u0027 found below.\\n\\nWorkarounds:\\n\\nNone.\\n\\nAdditional Documentation:\\n\\nNone.\\n\\nAcknowledgements:\\n\\nVMware would like to thank Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/ \u00a0for reporting this issue to us.\\n\\nNotes:\\n\\nNone.\\n\\n\u00a0\\n\\nResponse Matrix:\\n\\nProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone\\n\\nCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.\"},{\"lang\":\"es\",\"value\":\"Description: VMware AVI Load Balancer contiene una vulnerabilidad de inyecci\u00f3n SQL ciega autenticada. VMware ha evaluado la gravedad del problema como moderada (https://www.broadcom.com/support/vmware-services/security-response) con una puntuaci\u00f3n base m\u00e1xima de CVSSv3 de 6,8 (https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Vectores de ataque conocidos: Un usuario malicioso autenticado con acceso a la red podr\u00eda usar consultas SQL especialmente manipuladas para obtener acceso a la base de datos. 
Soluci\u00f3n: Para remediar CVE-2025-41233, aplique los parches al controlador AVI que se indican en la columna \\\"Versi\u00f3n corregida\\\" de la \\\"Matriz de respuestas\\\" que se encuentra a continuaci\u00f3n. Soluciones alternativas: Ninguna. Documentaci\u00f3n adicional: Ninguna. Agradecimientos: VMware agradece a Alexandru Copaceanu (https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/) por informarnos sobre este problema. Notas: Ninguna. Matriz de respuestas: Versi\u00f3n del producto en ejecuci\u00f3n, CVECVSSv4, Gravedad, Versi\u00f3n corregida, Soluciones alternativas, Documentos adicionales, VMware AVI Load Balancer 30.1.1, Cualquiera, CVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N, Moderado 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html, Ninguno, VMware AVI Load Balancer 30.1.2, Cualquiera, CVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderado 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NingunoNingunoVMware Avi Load Balancer30.2.1CualquieraCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderado 30.2.1-2p6 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html Ninguno Ninguno VMware Avi Load Balancer 30.2.2 Cualquiera CVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderado 30.2.2-2p5 
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html Ninguno Ninguno VMware Avi Load Balancer 30.2.3 Cualquiera CVE-2025-41233 N/AN/A No afectado Ninguno Ninguno VMware Avi Load Balancer 31.1.1 Cualquiera CVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderado 31.1.1-2p2 CWE-89 en el componente Avi Load Balancer de VMware permite que un atacante autenticado ejecute inyecciones SQL ciegas en las versiones 30.1.1, 30.1.2, 30.2.1 y 30.2.2 debido a una validaci\u00f3n de entrada incorrecta, lo que permite el acceso no autorizado a la base de datos.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"references\":[{\"url\":\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25707\",\"source\":\"security@vmware.com\"}]}}", "vulnrichment": { "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-41233\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-13T14:05:34.365225Z\"}}}], 
\"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-13T14:05:38.292Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"descriptions\": [{\"lang\": \"en\", \"value\": \"Authenticated blind SQL injection may allow attackers to perform unauthorized database queries, potentially leading to data exposure or modification.\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"VMware\", \"product\": \"Avi Load Balancer\", \"versions\": [{\"status\": \"affected\", \"version\": \"30.1.1\", \"versionType\": \"ANY\"}, {\"status\": \"affected\", \"version\": \"30.1.2\", \"versionType\": \"ANY\"}, {\"status\": \"affected\", \"version\": \"30.2.1\", \"versionType\": \"ANY\"}, {\"status\": \"affected\", \"version\": \"30.2.2\", \"versionType\": \"ANY\"}, {\"status\": \"unaffected\", \"version\": \"30.2.3\"}, {\"status\": \"affected\", \"version\": \"31.1.1\", \"versionType\": \"ANY\"}, {\"status\": \"unaffected\", \"version\": \"30.1.2-2p3\", \"versionType\": \"ANY\"}, {\"status\": \"unaffected\", \"version\": \"30.2.1-2p6\", \"versionType\": \"ANY\"}, {\"status\": \"unaffected\", \"version\": \"30.2.2-2p5\", \"versionType\": \"ANY\"}, {\"status\": \"unaffected\", \"version\": \"31.1.1-2p2\", \"versionType\": \"ANY\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": 
\"https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25707\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Description:\\n\\nVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response \\u00a0with a maximum CVSSv3 base score of 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N .\\n\\nKnown Attack Vectors:\\n\\nAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\\n\\nResolution:\\n\\nTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the \u0027Fixed Version\u0027 column of the \u0027Response Matrix\u0027 found below.\\n\\nWorkarounds:\\n\\nNone.\\n\\nAdditional Documentation:\\n\\nNone.\\n\\nAcknowledgements:\\n\\nVMware would like to thank Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/ \\u00a0for reporting this issue to us.\\n\\nNotes:\\n\\nNone.\\n\\n\\u00a0\\n\\nResponse Matrix:\\n\\nProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 
https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone\\n\\nCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003e\u003cstrong\u003eDescription:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. 
VMware has evaluated the severity of the issue to be in the \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.broadcom.com/support/vmware-services/security-response\\\"\u003eModerate severity range\u003c/a\u003e\u0026nbsp;with a maximum CVSSv3 base score of \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\\\"\u003e6.8\u003c/a\u003e.\u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eKnown Attack Vectors:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eResolution:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the \u0027Fixed Version\u0027 column of the \u0027Response Matrix\u0027 found below.\u003cbr\u003e\u003cbr\u003e\u003cstrong\u003eWorkarounds:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eNone.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAdditional Documentation:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eNone.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eAcknowledgements:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eVMware would like to thank \u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/\\\"\u003eAlexandru Copaceanu\u003c/a\u003e\u0026nbsp;for reporting this issue to us.\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eNotes:\u003c/strong\u003e\u003c/p\u003e\u003cp\u003eNone.\u003c/p\u003e\u003cp\u003e\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003cstrong\u003eResponse Matrix:\u003c/strong\u003e\u003c/p\u003e\u003ctable\u003e\u003ctbody\u003e\u003ctr\u003e\u003ctd\u003e\u003cstrong\u003eProduct\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eVersion\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eRunning 
On\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCVE\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eCVSSv4\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eSeverity\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eFixed Version\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eWorkarounds\u003c/strong\u003e\u003c/td\u003e\u003ctd\u003e\u003cstrong\u003eAdditional Documents\u003c/strong\u003e\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load Balancer\u003c/td\u003e\u003ctd\u003e30.1.1\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\\\"\u003e6.8\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html\\\"\u003e30.1.2-2p3\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load Balancer\u003c/td\u003e\u003ctd\u003e30.1.2\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\\\"\u003e6.8\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" 
href=\\\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html\\\"\u003e30.1.2-2p3\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load Balancer\u003c/td\u003e\u003ctd\u003e30.2.1\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\\\"\u003e6.8\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html\\\"\u003e30.2.1-2p6\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load Balancer\u003c/td\u003e\u003ctd\u003e30.2.2\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\\\"\u003e6.8\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html\\\"\u003e30.2.2-2p5\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load 
Balancer\u003c/td\u003e\u003ctd\u003e30.2.3\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003eN/A\u003c/td\u003e\u003ctd\u003eN/A\u003c/td\u003e\u003ctd\u003eUnaffected\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003ctr\u003e\u003ctd\u003eVMware Avi Load Balancer\u003c/td\u003e\u003ctd\u003e31.1.1\u003c/td\u003e\u003ctd\u003eAny\u003c/td\u003e\u003ctd\u003eCVE-2025-41233\u003c/td\u003e\u003ctd\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\\\"\u003e6.8\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eModerate\u003c/td\u003e\u003ctd\u003e\u003ca target=\\\"_blank\\\" rel=\\\"nofollow\\\" href=\\\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html\\\"\u003e31.1.1-2p2\u003c/a\u003e\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003ctd\u003eNone\u003c/td\u003e\u003c/tr\u003e\u003c/tbody\u003e\u003c/table\u003e\u003cbr\u003e\u003cbr\u003eCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-89\", \"description\": \"CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"shortName\": \"vmware\", \"dateUpdated\": \"2025-06-12T21:39:53.475Z\"}}}", "cveMetadata": "{\"cveId\": \"CVE-2025-41233\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-13T14:05:40.989Z\", \"dateReserved\": \"2025-04-16T09:29:46.972Z\", 
\"assignerOrgId\": \"dcf2e128-44bd-42ed-91e8-88f912c1401d\", \"datePublished\": \"2025-06-12T21:39:53.475Z\", \"assignerShortName\": \"vmware\"}", "dataType": "CVE_RECORD", "dataVersion": "5.1" } } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.