¡¾Â©¶´Í¨¸æ¡¿VMware HGFS ÐÅϢ鶩¶´(CVE-2025-22226)

Ðû²¼Ê±¼ä 2025-03-06

Ò»¡¢Â©¶´¸ÅÊö


©¶´Ãû³Æ

VMware HGFS ÐÅϢ鶩¶´

CVE   ID

CVE-2025-22226

©¶´ÀàÐÍ

ÐÅϢй¶

·¢ÏÖʱ¼ä

2025-03-06

©¶´ÆÀ·Ö

7.1

©¶´Æ·¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

µ±µØ

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹ûÈ»

ÔÚÒ°ÀûÓÃ

ÒÑ·¢ÏÖ


VMware HGFS£¨Host-Guest File System£©ÊÇVMwareÌṩµÄÖ÷»ú-À´±öÎļþ¹²Ïíϵͳ £¬ÓÃÓÚÔÚËÞÖ÷»ú£¨Host£©ºÍÐéÄâ»ú£¨Guest£©Ö®¼ä¸ßЧ´«ÊäÎļþ¡£HGFSÔÊÐíÓû§ÔÚÐéÄ⻯»·¾³ÖÐÎÞ·ì·ÃÎʹ²ÏíĿ¼ £¬¼ò»¯Êý¾Ý½»»» £¬Ìá¸ß²Ù×÷±ãÀûÐÔ¡£¸Ã¹¦Ð§Ö÷ÒªÓÃÓÚVMware Workstation¡¢FusionºÍESXi¡£


2025Äê3ÔÂ6ÈÕ £¬¶«É­Æ½Ì¨VSRC¼à²âµ½VMwareÐû²¼ÁËCVE-2025-22226Ïà¹ØÄþ¾²Í¨¸æ¡£Í¨¸æÖ¸³ö £¬VMware ESXi¡¢WorkstationºÍFusion´æÔÚHGFS£¨Ö÷»ú-À´±öÎļþϵͳ£©Ô½½ç¶Áȡ©¶´ £¬¿ÉÄܵ¼ÖÂÐÅϢй¶¡£¾ß±¸ÐéÄâ»ú¹ÜÀíԱȨÏ޵Ĺ¥»÷Õß¿ÉÀûÓø鶴 £¬´ÓVMX½ø³Ì¶ÁÈ¡ÄÚ´æÊý¾Ý £¬½ø¶ø»ñȡDZÔÚÃô¸ÐÐÅÏ¢¡£¸Ã©¶´CVSSv3ÆÀ·Ö7.1 £¬Â©¶´Æ·¼¶Îª¸ßΣ¡£


¶þ¡¢Ó°Ï췶Χ


VMware ESXi 8.0 < ESXi80U3d-24585383
VMware ESXi 8.0 < ESXi80U2d-24585300
VMware ESXi 7.0 < ESXi70U3s-24585291
VMware Workstation 17.x < 17.6.3
VMware Fusion 13.x < 13.6.3
VMware Cloud Foundation 5.x < Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x < Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x  < KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x < KB389385


Èý¡¢Äþ¾²´ëÊ©


3.1 Éý¼¶°æ±¾


Vmware¹Ù·½ÒÑÔÚÈçÏ°汾ÖÐÐÞ¸´ÁË´Ë©¶´¡£½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÉý¼¶ £¬ÒÔ½â¾ö¸ÃÎÊÌâ¡£
VMware ESXi 8.0 >= ESXi80U3d-24585383
VMware ESXi 8.0 >= ESXi80U2d-24585300
VMware ESXi 7.0 >= ESXi70U3s-24585291
VMware Workstation 17.x >= 17.6.3
VMware Fusion 13.x >= 13.6.3
VMware Cloud Foundation 5.x >= Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x >= Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x >= KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x >= KB389385


ÏÂÔØÁ´½Ó£ºhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390/


3.2 ÁÙʱ´ëÊ©


ÔÝÎÞ¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡ £¬¼õÉÙϵͳ©¶´ £¬ÌáÉý·þÎñÆ÷µÄÄþ¾²ÐÔ¡£
¼ÓǿϵͳºÍÍøÂçµÄ·ÃÎÊ¿ØÖÆ £¬Ð޸ķÀ»ðǽ¼Æı £¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻò·þÎñ £¬¼õÉÙ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø £¬¼õÉÙ¹¥»÷Ãæ¡£
ʹÓÃÆóÒµ¼¶Äþ¾²²úÎï £¬ÌáÉýÆóÒµµÄÍøÂçÄþ¾²ÐÔÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞ¹ÜÀí £¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò £¬Óû§ºÍÈí¼þȨÏÞÓ¦±£³ÖÔÚ×îµÍÏ޶ȡ£
ÆôÓÃÇ¿ÃÜÂë¼Æı²¢ÉèÖÃΪ¶¨ÆÚÐ޸ġ£


3.4 ²Î¿¼Á´½Ó


https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
https://nvd.nist.gov/vuln/detail/CVE-2025-22226