¡¾Îó²îͨ¸æ¡¿VMware ESXi í§ÒâдÈëÎó²î(CVE-2025-22225)

Ðû²¼Ê±¼ä 2025-03-06

Ò»¡¢Îó²î¸ÅÊö


Îó²îÃû³Æ

VMware ESXi í§ÒâдÈëÎó²î

CVE   ID

CVE-2025-22225

Îó²îÀàÐÍ

í§ÒâдÈë

·¢Ã÷ʱ¼ä

2025-03-06

Îó²îÆÀ·Ö

8.2

Îó²îÆ·¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍâµØ

ËùÐèȨÏÞ

¸ß

ʹÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

ÒÑ·¢Ã÷


VMware ESXiÊÇVMwareÌṩµÄÆóÒµ¼¶Type-1ÐéÄ⻯ÖÎÀí³ÌÐò£¨Hypervisor£©£¬ £¬£¬£¬£¬£¬£¬£¬ÓÃÓÚЧÀÍÆ÷ÐéÄ⻯¡£¡£¡£¡£¡£ ¡£¡£¡£Ëü»ùÓÚÂã»ú¼Ü¹¹£¬ £¬£¬£¬£¬£¬£¬£¬Ö±½ÓÔËÐÐÔÚÎïÀíЧÀÍÆ÷ÉÏ£¬ £¬£¬£¬£¬£¬£¬£¬ÎÞÐèµ×²ã²Ù×÷ϵͳ£¬ £¬£¬£¬£¬£¬£¬£¬Ìṩ¸ßÐÔÄÜ¡¢×ÊÔ´¸ôÀëºÍÇå¾²ÐÔ¡£¡£¡£¡£¡£ ¡£¡£¡£ESXiÖ§³ÖÐéÄâ»úÖÎÀí¡¢¶¯Ì¬×ÊÔ´µ÷Àí¼°¸ß¿ÉÓÃÐÔ£¬ £¬£¬£¬£¬£¬£¬£¬ÆÕ±éÓ¦ÓÃÓÚÊý¾ÝÖÐÐĺÍÔÆÅÌËãÇéÐΡ£¡£¡£¡£¡£ ¡£¡£¡£


2025Äê3ÔÂ6ÈÕ£¬ £¬£¬£¬£¬£¬£¬£¬¿­·¢k8¼¯ÍÅVSRC¼à²âµ½VMwareÐû²¼ÁËCVE-2025-22225Ïà¹ØÇ徲ͨ¸æ¡£¡£¡£¡£¡£ ¡£¡£¡£Í¨¸æÖ¸³ö£¬ £¬£¬£¬£¬£¬£¬£¬VMware ESXi±£´æí§ÒâдÈëÎó²î£¬ £¬£¬£¬£¬£¬£¬£¬¹¥»÷Õß¿ÉÔÚÌض¨Ìõ¼þÏÂÏòÄÚºËдÈëÊý¾Ý¡£¡£¡£¡£¡£ ¡£¡£¡£¾ß±¸VMXÀú³ÌȨÏ޵ĶñÒâ¹¥»÷Õß¿É´¥·¢Äں˼¶í§ÒâдÈ룬 £¬£¬£¬£¬£¬£¬£¬´Ó¶øʵÏÖɳÏäÌÓÒÝ£¨Sandbox Escape£©£¬ £¬£¬£¬£¬£¬£¬£¬Í»ÆÆÐéÄ⻯¸ôÀë¡£¡£¡£¡£¡£ ¡£¡£¡£¸ÃÎó²îCVSSv3ÆÀ·Ö8.2£¬ £¬£¬£¬£¬£¬£¬£¬Îó²îÆ·¼¶Îª¸ßΣ¡£¡£¡£¡£¡£ ¡£¡£¡£


¶þ¡¢Ó°Ïì¹æÄ£


VMware ESXi 8.0 < ESXi80U3d-24585383
VMware ESXi 8.0 < ESXi80U2d-24585300
VMware ESXi 7.0 < ESXi70U3s-24585291
VMware Cloud Foundation 5.x < Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x < Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x  < KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x < KB389385


Èý¡¢Çå¾²²½·¥


3.1 Éý¼¶°æ±¾


Vmware¹Ù·½ÒÑÔÚÈçÏ°汾ÖÐÐÞ¸´ÁË´ËÎó²î¡£¡£¡£¡£¡£ ¡£¡£¡£½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÉý¼¶£¬ £¬£¬£¬£¬£¬£¬£¬ÒÔ½â¾ö¸ÃÎÊÌâ¡£¡£¡£¡£¡£ ¡£¡£¡£

VMware ESXi 8.0 >= ESXi80U3d-24585383
VMware ESXi 8.0 >= ESXi80U2d-24585300
VMware ESXi 7.0 >= ESXi70U3s-24585291
VMware Cloud Foundation 5.x >= Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x >= Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x >= KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x >= KB389385


ÏÂÔØÁ´½Ó£ºhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390/


3.2 ÔÝʱ²½·¥


ÔÝÎÞ¡£¡£¡£¡£¡£ ¡£¡£¡£


3.3 ͨÓý¨Òé


? °´ÆÚ¸üÐÂϵͳ²¹¶¡£¡£¡£¡£¡£ ¡£¡£¡£¬ £¬£¬£¬£¬£¬£¬£¬ïÔ̭ϵͳÎó²î£¬ £¬£¬£¬£¬£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£¡£¡£¡£ ¡£¡£¡£

ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬ £¬£¬£¬£¬£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬ £¬£¬£¬£¬£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬ £¬£¬£¬£¬£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬ £¬£¬£¬£¬£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£¡£¡£¡£¡£ ¡£¡£¡£
ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬ £¬£¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£¡£¡£¡£ ¡£¡£¡£
ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬ £¬£¬£¬£¬£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬ £¬£¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£¡£¡£ ¡£¡£¡£
ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£¡£¡£¡£ ¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
https://nvd.nist.gov/vuln/detail/CVE-2025-22225