The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that hackers are using CVE-2008-4128, a CSRF flaw in Cisco IOS versions 12.4(12) and 12.4(4).
This weakness was included in CISA’s Known Exploited Vulnerabilities Catalog on July 13, 2026, showing that old networking flaws can still be security threats long after they are revealed.
CVE-2008-4128 is categorized under CWE-352, which addresses CSRF vulnerabilities. CSRF attacks occur when a victim with an authenticated browser session is deceived into visiting a malicious webpage or opening attacker-controlled content.
This flaw affects the web management of Cisco IOS. An attacker can use special requests to make an admin’s browser send commands to a Cisco IOS device without them knowing.
According to the CVE description, this issue can enable remote attackers to execute arbitrary commands via crafted requests that involve the “show privilege” command and the “/level/15/exec/-” URI.
VMware Avi Load Balancer flaws Let Attackers Bypass Authentication
VMware has revealed several security issues in its Avi Load Balancer platform that allow attackers to skip authentication and access the database without permission using special SQL queries.
The worst one, CVE-2025-22217, has a CVSSv3 score of 8.6 and does not need any login or user action to exploit. The primary issue is an unauthenticated blind SQL injection vulnerability rooted in improper input sanitization within the Avi Load Balancer’s controller components.
A bad actor with just network access can send special SQL commands to the system. This lets them skip login checks and get sensitive data from the database. A similar but less serious problem, CVE-2025-41233, lets an authenticated user with network access misuse SQL queries. It has a CVSS score of 6.8 and needs higher permissions to be activated.
Two more flaws revealed earlier raise the risk level: CVE-2024-22264, a bug that lets an admin-level attacker make, change, and remove files as root on the host system (CVSS 7.2), and CVE-2024-22266, a flaw that shows cloud connection details in plain text in system logs (CVSS 6.5).
Together, these vulnerabilities create a chain where authentication bypass, data exposure, and privilege escalation can compound one another in poorly segmented environments.
Mitigation Guidance
Apply Broadcom’s patched builds immediately, since no workarounds exist for CVE-2025-22217.
Upgrade version 30.1.1 to 30.1.2 first before layering on the 2p2 patch.
Restrict network-level access to Avi controller management interfaces to trusted administrative segments only.
Audit system logs for exposed cloud credentials tied to CVE-2024-22266 and rotate any potentially leaked secrets.
Review admin account privileges to limit exposure from the CVE-2024-22264 privilege escalation path.
Organizations using any Avi Load Balancer version from 30.1.1 to 30.2.2 need to fix problems right away. There are serious issues that can be attacked over the network and can bypass authentication. These load balancers are very important for cloud systems in companies.
InfoSecBulletin Cybersecurity for mankind
