通告编号:NS-2025-0011
| TAG: | VMware ESXi、Workstation、Fusion、CVE-2025-22224、CVE-2025-22225、CVE-2025-22226 |
| 漏洞危害: | 攻击者利用此次漏洞,可实现信息窃取、沙箱逃逸、代码执行。 |
| 版本: | 1.0 |
1 漏洞概述
CVE-2025-22224:VMware ESXi和Workstation中存在TOCTOU(CheckTime-of-use)越界写入漏洞,具有虚拟机管理员权限的攻击者可通过主机上运行的虚拟机VMX进程执行任意代码。CVSS评分9.3。
CVE-2025-22225:VMware ESXi中存在任意写入漏洞,具有VMX进程特权的攻击者可通过触发任意内核写入实现沙箱逃逸。CVSS评分8.2。
CVE-2025-22226:HGFS中存在越界读取漏洞,具有虚拟机管理员权限的攻击者可通过VMX进程获取内存信息。CVSS评分7.1。
VMware是一家提供虚拟化解决方案的软件公司,它提供了多个虚拟化产品,其中包括VMware ESXi虚拟化操作系统、VMware Workstation、VMware vSphere虚拟化平台,以及各种管理和监控工具等。
参考链接:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
2 影响范围
CVE-2025-22224/CVE-2025-22225/CVE-2025-22226:
- VMware ESXi 8.0 U3d < ESXi80U3d-24585383
- VMware ESXi 8.0 U2d < ESXi80U2d-24585300
- VMware ESXi 7.0 < ESXi70U3s-24585291
- VMware Cloud Foundation 5.x < ESXi80U3d-24585383
- VMware Cloud Foundation 4.5.x < ESXi70U3s-24585291
- VMware Telco Cloud Platform 5.x/4.x/3.x/2.x < KB389385
- VMware Telco Cloud Infrastructure 3.x/2.x < KB389385
CVE-2025-22224/CVE-2025-22225/CVE-2025-22226:
- VMware Workstation 17.x < 17.6.3
CVE-2025-22226:
- VMware Fusion 13.x < 13.6.3
不受影响版本
- VMware ESXi 8.0 U3d >= ESXi80U3d-24585383
- VMware ESXi 8.0 U2d >= ESXi80U2d-24585300
- VMware ESXi 7.0 >= ESXi70U3s-24585291
- VMware Cloud Foundation 5.x >= ESXi80U3d-24585383
- VMware Cloud Foundation 4.5.x >= ESXi70U3s-24585291
- VMware Telco Cloud Platform 5.x/4.x/3.x/2.x >= KB389385
- VMware Telco Cloud Infrastructure 3.x/2.x >= KB389385
CVE-2025-22224/CVE-2025-22226:
- VMware Workstation 17.x >= 17.6.3
CVE-2025-22226:
- VMware Fusion 13.x >= 13.6.3
3 漏洞防护
3.1 官方升级
目前官方已发布更新修复了上述漏洞,请受影响的用户尽快安装进行防护:
| 产品版本 | 下载链接 | 操作文档 |
| VMware ESXi 8.0 ESXi80U3d-24585383 | https://support.broadcom.com/web/ecx/solutiondetails?patchId=5773 | https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3d-release-notes.html |
| VMware ESXi 8.0 ESXi80U2d-24585300 | https://support.broadcom.com/web/ecx/solutiondetails?patchId=5772 | https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2d-release-notes.html |
| VMware ESXi 7.0 ESXi70U3s-24585291 | https://support.broadcom.com/web/ecx/solutiondetails?patchId=5771 | https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3s-release-notes.html |
| VMware Workstation 17.6.3 | (Windows):https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Windows&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
(Linux):https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Linux&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true |
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/workstation-pro/17-0/release-notes/vmware-workstation-1763-pro-release-notes.html |
| VMware Fusion 13.6.3 | https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Fusion&displayGroup=VMware%20Fusion%2013&release=13.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true | https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/fusion-pro/13-0/release-notes/vmware-fusion-1363-release-notes.html |
| VMware Cloud Foundation 5.x, 4.5.x | https://knowledge.broadcom.com/external/article?legacyId=88287 | |
| Telco Cloud Platform 5.x, 4.x, 3.x | https://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/5-0/Chunk77140612.html
https://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/4-0/vmware-telco-cloud-platform-401-release-notes.html |
|
END
绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。