{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-41233", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "state": "PUBLISHED", "assignerShortName": "vmware", "dateReserved": "2025-04-16T09:29:46.972Z", "datePublished": "2025-06-12T21:39:53.475Z", "dateUpdated": "2025-06-13T14:05:40.989Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "affected", "product": "Avi Load Balancer", "vendor": "VMware", "versions": [{"status": "affected", "version": "30.1.1", "versionType": "ANY"}, {"status": "affected", "version": "30.1.2", "versionType": "ANY"}, {"status": "affected", "version": "30.2.1", "versionType": "ANY"}, {"status": "affected", "version": "30.2.2", "versionType": "ANY"}, {"status": "unaffected", "version": "30.2.3"}, {"status": "affected", "version": "31.1.1", "versionType": "ANY"}, {"status": "unaffected", "version": "30.1.2-2p3", "versionType": "ANY"}, {"status": "unaffected", "version": "30.2.1-2p6", "versionType": "ANY"}, {"status": "unaffected", "version": "30.2.2-2p5", "versionType": "ANY"}, {"status": "unaffected", "version": "31.1.1-2p2", "versionType": "ANY"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p><strong>Description:</strong></p><p>VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.broadcom.com/support/vmware-services/security-response\">Moderate severity range</a>&nbsp;with a maximum CVSSv3 base score of <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a>.<br><br><strong>Known Attack Vectors:</strong></p><p>An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.</p><p><strong>Resolution:</strong></p><p>To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.<br><br><strong>Workarounds:</strong></p><p>None.</p><p><strong>Additional Documentation:</strong></p><p>None.</p><p><strong>Acknowledgements:</strong></p><p>VMware would like to thank <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/\">Alexandru Copaceanu</a>&nbsp;for reporting this issue to us.</p><p><strong>Notes:</strong></p><p>None.</p><p>&nbsp;</p><p><strong>Response Matrix:</strong></p><table><tbody><tr><td><strong>Product</strong></td><td><strong>Version</strong></td><td><strong>Running On</strong></td><td><strong>CVE</strong></td><td><strong>CVSSv4</strong></td><td><strong>Severity</strong></td><td><strong>Fixed Version</strong></td><td><strong>Workarounds</strong></td><td><strong>Additional Documents</strong></td></tr><tr><td>VMware Avi Load Balancer</td><td>30.1.1</td><td>Any</td><td>CVE-2025-41233</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a></td><td>Moderate</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html\">30.1.2-2p3</a></td><td>None</td><td>None</td></tr><tr><td>VMware Avi Load Balancer</td><td>30.1.2</td><td>Any</td><td>CVE-2025-41233</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a></td><td>Moderate</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html\">30.1.2-2p3</a></td><td>None</td><td>None</td></tr><tr><td>VMware Avi Load Balancer</td><td>30.2.1</td><td>Any</td><td>CVE-2025-41233</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a></td><td>Moderate</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html\">30.2.1-2p6</a></td><td>None</td><td>None</td></tr><tr><td>VMware Avi Load Balancer</td><td>30.2.2</td><td>Any</td><td>CVE-2025-41233</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a></td><td>Moderate</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html\">30.2.2-2p5</a></td><td>None</td><td>None</td></tr><tr><td>VMware Avi Load Balancer</td><td>30.2.3</td><td>Any</td><td>CVE-2025-41233</td><td>N/A</td><td>N/A</td><td>Unaffected</td><td>None</td><td>None</td></tr><tr><td>VMware Avi Load Balancer</td><td>31.1.1</td><td>Any</td><td>CVE-2025-41233</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a></td><td>Moderate</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html\">31.1.1-2p2</a></td><td>None</td><td>None</td></tr></tbody></table><br><br>CWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access."}], "value": "Description:\n\nVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response \u00a0with a maximum CVSSv3 base score of 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N .\n\nKnown Attack Vectors:\n\nAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\n\nResolution:\n\nTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.\n\nWorkarounds:\n\nNone.\n\nAdditional Documentation:\n\nNone.\n\nAcknowledgements:\n\nVMware would like to thank Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/ \u00a0for reporting this issue to us.\n\nNotes:\n\nNone.\n\n\u00a0\n\nResponse Matrix:\n\nProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone\n\nCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Authenticated blind SQL injection may allow attackers to perform unauthorized database queries, potentially leading to data exposure or modification."}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-06-12T21:39:53.475Z"}, "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25707"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-13T14:05:34.365225Z", "id": "CVE-2025-41233", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T14:05:40.989Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-41233", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-13T14:05:34.365225Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-13T14:05:38.292Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "impacts": [{"descriptions": [{"lang": "en", "value": "Authenticated blind SQL injection may allow attackers to perform unauthorized database queries, potentially leading to data exposure or modification."}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "VMware", "product": "Avi Load Balancer", "versions": [{"status": "affected", "version": "30.1.1", "versionType": "ANY"}, {"status": "affected", "version": "30.1.2", "versionType": "ANY"}, {"status": "affected", "version": "30.2.1", "versionType": "ANY"}, {"status": "affected", "version": "30.2.2", "versionType": "ANY"}, {"status": "unaffected", "version": "30.2.3"}, {"status": "affected", "version": "31.1.1", "versionType": "ANY"}, {"status": "unaffected", "version": "30.1.2-2p3", "versionType": "ANY"}, {"status": "unaffected", "version": "30.2.1-2p6", "versionType": "ANY"}, {"status": "unaffected", "version": "30.2.2-2p5", "versionType": "ANY"}, {"status": "unaffected", "version": "31.1.1-2p2", "versionType": "ANY"}], "defaultStatus": "affected"}], "references": [{"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25707"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Description:\n\nVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response \u00a0with a maximum CVSSv3 base score of 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N .\n\nKnown Attack Vectors:\n\nAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\n\nResolution:\n\nTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.\n\nWorkarounds:\n\nNone.\n\nAdditional Documentation:\n\nNone.\n\nAcknowledgements:\n\nVMware would like to thank Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/ \u00a0for reporting this issue to us.\n\nNotes:\n\nNone.\n\n\u00a0\n\nResponse Matrix:\n\nProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone\n\nCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.", "supportingMedia": [{"type": "text/html", "value": "<p><strong>Description:</strong></p><p>VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.broadcom.com/support/vmware-services/security-response\">Moderate severity range</a>&nbsp;with a maximum CVSSv3 base score of <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a>.<br><br><strong>Known Attack Vectors:</strong></p><p>An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.</p><p><strong>Resolution:</strong></p><p>To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.<br><br><strong>Workarounds:</strong></p><p>None.</p><p><strong>Additional Documentation:</strong></p><p>None.</p><p><strong>Acknowledgements:</strong></p><p>VMware would like to thank <a target=\"_blank\" rel=\"nofollow\" href=\"https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/\">Alexandru Copaceanu</a>&nbsp;for reporting this issue to us.</p><p><strong>Notes:</strong></p><p>None.</p><p>&nbsp;</p><p><strong>Response Matrix:</strong></p><table><tbody><tr><td><strong>Product</strong></td><td><strong>Version</strong></td><td><strong>Running On</strong></td><td><strong>CVE</strong></td><td><strong>CVSSv4</strong></td><td><strong>Severity</strong></td><td><strong>Fixed Version</strong></td><td><strong>Workarounds</strong></td><td><strong>Additional Documents</strong></td></tr><tr><td>VMware Avi Load Balancer</td><td>30.1.1</td><td>Any</td><td>CVE-2025-41233</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a></td><td>Moderate</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html\">30.1.2-2p3</a></td><td>None</td><td>None</td></tr><tr><td>VMware Avi Load Balancer</td><td>30.1.2</td><td>Any</td><td>CVE-2025-41233</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a></td><td>Moderate</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html\">30.1.2-2p3</a></td><td>None</td><td>None</td></tr><tr><td>VMware Avi Load Balancer</td><td>30.2.1</td><td>Any</td><td>CVE-2025-41233</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a></td><td>Moderate</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html\">30.2.1-2p6</a></td><td>None</td><td>None</td></tr><tr><td>VMware Avi Load Balancer</td><td>30.2.2</td><td>Any</td><td>CVE-2025-41233</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a></td><td>Moderate</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html\">30.2.2-2p5</a></td><td>None</td><td>None</td></tr><tr><td>VMware Avi Load Balancer</td><td>30.2.3</td><td>Any</td><td>CVE-2025-41233</td><td>N/A</td><td>N/A</td><td>Unaffected</td><td>None</td><td>None</td></tr><tr><td>VMware Avi Load Balancer</td><td>31.1.1</td><td>Any</td><td>CVE-2025-41233</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\">6.8</a></td><td>Moderate</td><td><a target=\"_blank\" rel=\"nofollow\" href=\"https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html\">31.1.1-2p2</a></td><td>None</td><td>None</td></tr></tbody></table><br><br>CWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')"}]}], "providerMetadata": {"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware", "dateUpdated": "2025-06-12T21:39:53.475Z"}}}, "cveMetadata": {"cveId": "CVE-2025-41233", "state": "PUBLISHED", "dateUpdated": "2025-06-13T14:05:40.989Z", "dateReserved": "2025-04-16T09:29:46.972Z", "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "datePublished": "2025-06-12T21:39:53.475Z", "assignerShortName": "vmware"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Description:\n\nVMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response \u00a0with a maximum CVSSv3 base score of 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N .\n\nKnown Attack Vectors:\n\nAn authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.\n\nResolution:\n\nTo remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.\n\nWorkarounds:\n\nNone.\n\nAdditional Documentation:\n\nNone.\n\nAcknowledgements:\n\nVMware would like to thank Alexandru Copaceanu https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/ \u00a0for reporting this issue to us.\n\nNotes:\n\nNone.\n\n\u00a0\n\nResponse Matrix:\n\nProductVersionRunning OnCVECVSSv4SeverityFixed VersionWorkaroundsAdditional DocumentsVMware Avi Load Balancer30.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.1.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NoneNoneVMware Avi Load Balancer30.2.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.1-2p6 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html NoneNoneVMware Avi Load Balancer30.2.2AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html NoneNoneVMware Avi Load Balancer30.2.3AnyCVE-2025-41233N/AN/AUnaffectedNoneNoneVMware Avi Load Balancer31.1.1AnyCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderate 31.1.1-2p2 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/31-1/vmware-avi-load-balancer-release-notes/Release-Note-Section-20627.html NoneNone\n\nCWE-89 in the Avi Load Balancer component of VMware allows an authenticated attacker to execute blind SQL injections in versions 30.1.1, 30.1.2, 30.2.1, and 30.2.2 due to improper input validation, enabling unauthorized database access."}, {"lang": "es", "value": "Description: VMware AVI Load Balancer contiene una vulnerabilidad de inyecci\u00f3n SQL ciega autenticada. VMware ha evaluado la gravedad del problema como moderada (https://www.broadcom.com/support/vmware-services/security-response) con una puntuaci\u00f3n base m\u00e1xima de CVSSv3 de 6,8 (https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). Vectores de ataque conocidos: Un usuario malicioso autenticado con acceso a la red podr\u00eda usar consultas SQL especialmente manipuladas para obtener acceso a la base de datos. Soluci\u00f3n: Para remediar CVE-2025-41233, aplique los parches al controlador AVI que se indican en la columna \"Versi\u00f3n corregida\" de la \"Matriz de respuestas\" que se encuentra a continuaci\u00f3n. Soluciones alternativas: Ninguna. Documentaci\u00f3n adicional: Ninguna. Agradecimientos: VMware agradece a Alexandru Copaceanu (https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/) por informarnos sobre este problema. Notas: Ninguna. Matriz de respuestas: Versi\u00f3n del producto en ejecuci\u00f3n, CVECVSSv4, Gravedad, Versi\u00f3n corregida, Soluciones alternativas, Documentos adicionales, VMware AVI Load Balancer 30.1.1, Cualquiera, CVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N, Moderado 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html, Ninguno, VMware AVI Load Balancer 30.1.2, Cualquiera, CVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderado 30.1.2-2p3 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-1/vmware-avi-load-balancer-release-notes/release-notes-30-1-2.html NingunoNingunoVMware Avi Load Balancer30.2.1CualquieraCVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderado 30.2.1-2p6 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-1.html Ninguno Ninguno VMware Avi Load Balancer 30.2.2 Cualquiera CVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderado 30.2.2-2p5 https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/avi-load-balancer/avi-load-balancer/30-2/vmware-avi-load-balancer-release-notes/release-notes-for-avi-load-balancer-version-30-2-2.html Ninguno Ninguno VMware Avi Load Balancer 30.2.3 Cualquiera CVE-2025-41233 N/AN/A No afectado Ninguno Ninguno VMware Avi Load Balancer 31.1.1 Cualquiera CVE-2025-41233 6.8 https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N Moderado 31.1.1-2p2 CWE-89 en el componente Avi Load Balancer de VMware permite que un atacante autenticado ejecute inyecciones SQL ciegas en las versiones 30.1.1, 30.1.2, 30.2.1 y 30.2.2 debido a una validaci\u00f3n de entrada incorrecta, lo que permite el acceso no autorizado a la base de datos."}], "id": "CVE-2025-41233", "lastModified": "2025-06-16T12:32:18.840", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-06-12T22:15:20.560", "references": [{"source": "[email protected]", "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25707"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Secondary"}]}

{}