Avi Load Balancer contains an unauthenticated blind SQL Injection vulnerability which was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. A malicious user with network access may be able to use specially crafted SQL queries to gain database access.
https://thehackernews.com/2025/01/broadcom-patches-vmware-aria-flaws.html
https://thehackernews.com/2025/01/broadcom-warns-of-high-severity-sql.html
https://www.securityweek.com/vmware-warns-of-high-risk-blind-sql-injection-bug-in-avi-load-balancer/
https://securityaffairs.com/173569/security/vmware-fixed-avi-load-balancer-flaw.html