1. Vulnerability Overview
Recently, NSFOCUS CERT detected that VMware has released a security advisory fixing multiple high-risk vulnerabilities in VMware ESXi, Workstation and Fusion (CVE-2025-22224/CVE-2025-22225/CVE-2025-22226). All three vulnerabilities have been observed exploited in the wild; affected users are advised to take protective measures as soon as possible.
CVE-2025-22224: A TOCTOU (Time-of-Check Time-of-Use) out-of-bounds write vulnerability in VMware ESXi and Workstation. An attacker with local administrative privileges on a virtual machine could execute arbitrary code in the VMX process running on the host. CVSS score: 9.3.
CVE-2025-22225: An arbitrary write vulnerability in VMware ESXi. An attacker with privileges within the VMX process could trigger an arbitrary kernel write, resulting in a sandbox escape. CVSS score: 8.2.
CVE-2025-22226: An out-of-bounds read vulnerability in HGFS. An attacker with administrative privileges on a virtual machine could leak memory from the VMX process. CVSS score: 7.1.
VMware is a software company providing virtualization solutions. Its products include the VMware ESXi hypervisor, VMware Workstation, the VMware vSphere virtualization platform, and various management and monitoring tools.
Reference:
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
2. Scope of Impact
Affected versions
CVE-2025-22224/CVE-2025-22225/CVE-2025-22226:
VMware ESXi 8.0 U3d < ESXi80U3d-24585383
VMware ESXi 8.0 U2d < ESXi80U2d-24585300
VMware ESXi 7.0 < ESXi70U3s-24585291
VMware Cloud Foundation 5.x < ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x < ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x/4.x/3.x/2.x < KB389385
VMware Telco Cloud Infrastructure 3.x/2.x < KB389385
CVE-2025-22224/CVE-2025-22226:
VMware Workstation 17.x < 17.6.3
CVE-2025-22226:
VMware Fusion 13.x < 13.6.3
Unaffected versions
CVE-2025-22224/CVE-2025-22225/CVE-2025-22226:
VMware ESXi 8.0 U3d >= ESXi80U3d-24585383
VMware ESXi 8.0 U2d >= ESXi80U2d-24585300
VMware ESXi 7.0 >= ESXi70U3s-24585291
VMware Cloud Foundation 5.x >= ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x >= ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x/4.x/3.x/2.x >= KB389385
VMware Telco Cloud Infrastructure 3.x/2.x >= KB389385
CVE-2025-22224/CVE-2025-22226:
VMware Workstation 17.x >= 17.6.3
CVE-2025-22226:
VMware Fusion 13.x >= 13.6.3
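To turn the version lists above into a check that can be run across an estate, here is a constructed Python helper added to this advisory (it is not NSFOCUS's or Broadcom's code). It assumes the usual `Key: value` layout of `esxcli system version get` output, that ESXi build numbers increase within a release line, and that 8.0 hosts older than U2 have no fixed build on their own line; the sample esxcli output and its build number are constructed.

```python
import re

# Fixed builds from the advisory above: version line -> first fixed build number.
# Assumption (not stated on the page): ESXi build numbers increase within a line.
ESXI_FIXED = {
    "8.0.3": 24585383,  # ESXi80U3d-24585383
    "8.0.2": 24585300,  # ESXi80U2d-24585300
    "7.0":   24585291,  # ESXi70U3s-24585291 (covers the whole 7.0 line)
}
# Desktop hypervisors: product -> (covered major version, first fixed release).
DESKTOP_FIXED = {
    "Workstation": (17, (17, 6, 3)),  # 17.x < 17.6.3 affected
    "Fusion":      (13, (13, 6, 3)),  # 13.x < 13.6.3 affected
}

# Constructed sample of `esxcli system version get` output (build number is made up).
SAMPLE_ESXCLI = """\
   Product: VMware ESXi
   Version: 8.0.3
   Build: Releasebuild-24000000
"""

def parse_esxcli_version(output):
    """Turn the 'Key: value' lines printed by esxcli into a dict."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def esxi_status(output):
    """Return 'fixed', 'affected' or 'unknown' for one host's esxcli output."""
    fields = parse_esxcli_version(output)
    version = fields.get("Version", "")
    match = re.search(r"(\d+)$", fields.get("Build", ""))  # Releasebuild-NNNNNNNN
    build = int(match.group(1)) if match else 0  # unparsable build: treat as old
    for line, fixed in ESXI_FIXED.items():
        if version == line or version.startswith(line + "."):
            return "fixed" if build >= fixed else "affected"
    if version.startswith("8.0"):
        return "affected"  # 8.0 GA/U1: no fixed build on that line, move to U2d/U3d
    return "unknown"      # release line not covered by this advisory

def desktop_status(product, version):
    """Check a Workstation/Fusion version string such as '17.6.2'."""
    major, fixed = DESKTOP_FIXED[product]
    parts = tuple(int(p) for p in version.split("."))
    if parts[0] != major:
        return "unknown"  # only 17.x / 13.x are listed as affected
    return "fixed" if parts >= fixed else "affected"
```

Feed each host's real esxcli output to `esxi_status` and treat anything other than "fixed" as requiring the patches listed in section 3.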
3. Mitigation
Official updates
The vendor has released updates that fix the vulnerabilities above; affected users are advised to install them as soon as possible:
| Product version | Download link | Documentation |
| --- | --- | --- |
| VMware ESXi 8.0 ESXi80U3d-24585383 | https://support.broadcom.com/web/ecx/solutiondetails?patchId=5773 | https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3d-release-notes.html |
| VMware ESXi 8.0 ESXi80U2d-24585300 | https://support.broadcom.com/web/ecx/solutiondetails?patchId=5772 | https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2d-release-notes.html |
| VMware ESXi 7.0 ESXi70U3s-24585291 | https://support.broadcom.com/web/ecx/solutiondetails?patchId=5771 | https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3s-release-notes.html |
| VMware Workstation 17.6.3 | Windows: https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Windows&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true ; Linux: https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Linux&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true | https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/workstation-pro/17-0/release-notes/vmware-workstation-1763-pro-release-notes.html |
| VMware Fusion 13.6.3 | https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Fusion&displayGroup=VMware%20Fusion%2013&release=13.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true | https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/fusion-pro/13-0/release-notes/vmware-fusion-1363-release-notes.html |
| VMware Cloud Foundation 5.x, 4.5.x | https://knowledge.broadcom.com/external/article?legacyId=88287 | |
| Telco Cloud Platform 5.x, 4.x, 3.x | https://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/5-0/Chunk77140612.html ; https://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/4-0/vmware-telco-cloud-platform-401-release-notes.html ; https://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/3-1/Chunk1587463997.html#Chunk1587463997 | |
Statement
This security advisory is intended solely to describe potential security issues; NSFOCUS makes no guarantee or commitment with respect to it. Any direct or indirect consequences and losses arising from the dissemination or use of the information in this advisory are the sole responsibility of the user, and neither NSFOCUS nor the authors of this advisory accept any liability for them.
NSFOCUS reserves the right to modify and interpret this advisory. Anyone reprinting or distributing it must preserve it in full, including the copyright notice and all other content. Without NSFOCUS's permission, the content of this advisory may not be modified, abridged or extended, nor used for commercial purposes in any way.