Insights from the Field
Security analysis, platform hardening strategies, and lessons learned from real-world assessments.


Inside VMSA-2025-0011: Understanding the Authenticated Blind SQL Injection in VMware Avi Load Balancer
Executive Summary: Broadcom’s advisory VMSA-2025-0011 discloses CVE-2025-41233, a moderate-severity vulnerability in VMware Avi Load Balancer. The issue is an authenticated blind SQL injection flaw that allows logged-in users to infer data from the backend database by manipulating application behavior through crafted queries. While the injection does not expose results directly, attackers can use response variations to extract sensitive information. This article breaks down th

Demetrios Mustakas Jr.
May 22, 2025


Security Implications of VMSA-2025-0009 in VMware Cloud Foundation
Introduction: On May 20, 2025, Broadcom published VMSA-2025-0009, a security advisory detailing three newly discovered vulnerabilities in VMware Cloud Foundation. All three issues were reported by the NATO Cyber Security Centre (NCSC) and affect versions 4.5.x and 5.x of the platform. These vulnerabilities allow unauthorized access to files, information disclosure through exposed endpoints, and the execution of privileged operations due to missing authorization checks. There a

Demetrios Mustakas Jr.
May 20, 2025
