GitHub Desktop Vulnerability Exposes Credentials Through Malicious Remote URLs

January 28, 2025

Multiple Google Android Vulnerabilities

January 29, 2025

CVE-2025-22217 – VMware Avi Load Balancer Vulnerability

January 29, 2025

Severity

High

Analysis Summary

CVE-2025-22217

Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain database access.

Impact

Gain Access
Data Manipulation

Indicators of Compromise

CVE

CVE-2025-22217

Affected Vendors

VMware

Affected Products

VMware Avi Load Balancer

Remediation

Refer to VMware Security Advisory for patch, upgrade, or suggested workaround information.

VMware Security Advisory

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

New AD Lateral Movement Bypasses Authentication, Steals Data

Windows UAC Bypassed via Character Map

SideWinder APT Group aka Rattlesnake – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us