Key Vulnerability Information

Product/Component: VMware Avi Load Balancer
Severity: High
Advisory ID: VMSA-2025-0002
Issue Date: 2025-01-28
CVE: CVE-2025-22217

Summary: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability.

Known Attack Vectors: A malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Resolution: Apply the patches provided to affected versions as listed in the Response Matrix.

Fixed Versions:
- 30.1.1 -> 30.1.2-2p2
- 30.1.2 -> 30.1.2-2p2
- 30.2.1 -> 30.2.1-2p5
- 30.2.2 -> 30.2.2-2p2

CVSSv3: 8.6
Severity: Important
Workarounds: None
Additional Documentation: None

References:
- Release Notes for fixed versions are provided. Links are given for 30.1.1/30.1.2 and other versions.
- Mitre CVE Dictionary Links and CVSS Calculator are provided.