漏洞名称:
VMware ESXi 等多款产品缓冲区溢出漏洞(CVE-2025-22224)
组件名称:
VMware-ESXi 等多款产品
影响范围:
VMware ESXi 8.0 < ESXi80U3d-24585383
VMware ESXi 8.0 < ESXi80U2d-24585300
VMware ESXi 7.0 < ESXi70U3s-24585291
VMware Workstation 17 < 17.6.3
VMware Fusion 13 < 13.6.3
VMware Cloud Foundation 5 < ESXi80U3d-24585383
VMware Cloud Foundation 4.5 < ESXi70U3s-24585291
漏洞类型:
缓冲区溢出
利用条件:
1、用户认证:需要用户认证
2、前置条件:默认配置
3、触发方式:本地
综合评价:
<综合评定利用难度>:困难,具有虚拟机管理权限的攻击者可以执行任意代码。
<综合评定威胁等级>:严重,能造成远程代码执行。
官方解决方案:
已发布
漏洞分析
组件介绍
VMware ESXi 是 VMware 公司开发的一款企业级 裸机(Bare-Metal) 虚拟化 Hypervisor(管理程序),用于创建和管理虚拟机(VM)。它是 VMware vSphere 套件的核心组件,被广泛应用于数据中心、企业 IT 基础架构和云计算平台。
漏洞简介
影响范围
VMware ESXi 8.0 < ESXi80U2d-24585300
VMware ESXi 7.0 < ESXi70U3s-24585291
VMware Workstation 17 < 17.6.3
VMware Fusion 13 < 13.6.3
VMware Cloud Foundation 5 < ESXi80U3d-24585383
VMware Cloud Foundation 4.5 < ESXi70U3s-24585291
Ivanti Endpoint Manager 2022 ≤ SU5
Ivanti Endpoint Manager 2024 < 2024 September Update
解决方案
如何检测组件系统版本
通过命令行输入vmware -vl查看当前ESXi版本。
官方修复建议
官方已发布最新版本修复该漏洞。建议受影响用户将服务器更新到以下版本:
VMware ESXi 8.0 ESXi80U3d-24585383
下载链接及文档:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5773
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u3d-release-notes.html
VMware ESXi 8.0 ESXi80U2d-24585300
下载链接及文档:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5772
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2d-release-notes.html
VMware ESXi 7.0 ESXi70U3s-24585291
下载链接及文档:
https://support.broadcom.com/web/ecx/solutiondetails?patchId=5771
https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/7-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-70u3s-release-notes.html
VMware Workstation 17.6.3
下载链接及文档:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Windows&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Workstation%20Pro&displayGroup=VMware%20Workstation%20Pro%2017.0%20for%20Linux&release=17.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/workstation-pro/17-0/release-notes/vmware-workstation-1763-pro-release-notes.html
VMware Fusion 13.6.3
下载链接及文档:
https://support.broadcom.com/group/ecx/productfiles?subFamily=VMware%20Fusion&displayGroup=VMware%20Fusion%2013&release=13.6.3&os=&servicePk=undefined&language=EN&freeDownloads=true
https://techdocs.broadcom.com/us/en/vmware-cis/desktop-hypervisors/fusion-pro/13-0/release-notes/vmware-fusion-1363-release-notes.html
VMware Cloud Foundation 5.x, 4.5.x
下载链接及文档:
https://knowledge.broadcom.com/external/article?legacyId=88287
Telco Cloud Platform 5.x, 4.x, 3.x
下载链接及文档:
https://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/5-0/Chunk77140612.html
https://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/4-0/vmware-telco-cloud-platform-401-release-notes.htmlhttps://techdocs.broadcom.com/us/en/vmware-sde/telco-cloud/vmware-telco-cloud-platform/3-1/Chunk1587463997.html#Chunk1587463997
深信服解决方案
漏洞主动检测
支持对VMware-ESXi的主动检测,可批量检出业务场景中该事件的受影响资产情况,相关产品如下:
【深信服云镜YJ】已发布资产检测方案,指纹ID:0011789。
【深信服漏洞评估工具TSS】已发布资产检测方案,指纹ID:0011789。
参考链接
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
时间轴
2025/3/5
深瞳漏洞实验室监测到VMware ESXi 等多款产品缓冲区溢出漏洞信息。
2025/3/5
深瞳漏洞实验室发布漏洞通告。
点击阅读原文,
原文始发于微信公众号(深信服千里目安全技术中心):【漏洞通告】VMware ESXi 等多款产品缓冲区溢出漏洞(CVE-2025-22224)
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论