CVE-2025-41233

Published: 12 Jun 2025
Source: nvd
CVSS3: 6.8
EPSS: Low

Description:

VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range (https://www.broadcom.com/support/vmware-services/security-response) with a maximum CVSSv3 base score of 6.8 (https://www.first.org/cvss/calculator/3-0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Known Attack Vectors:

An authenticated malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Resolution:

To remediate CVE-2025-41233 apply the patches to the Avi Controller listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds:

None.

Additional Documentation:

None.

Acknowledgements:

VMware would like to thank Alexandru Copaceanu (https://www.linkedin.com/in/alexandru-copaceanu-b39aaa1a8/) for reporting this issue to us.

Notes:

None.

 

Response Matrix:

Product | Version | Running On | CVE | CVSSv4 | Severity | Fixed Version | W

EPSS

Percentile: 11%
0.00038
Low

6.8 Medium

CVSS3

Weaknesses

CWE-89

Related vulnerabilities

CVSS3: 6.8
github
8 months ago


CVSS3: 6.8
fstec
9 months ago

A vulnerability in VMware Avi Load Balancer, software for managing traffic in hybrid and multi-cloud environments, caused by a failure to protect the structure of an SQL query, which allows an attacker to gain unauthorized access to protected information
