¡¾·ì϶¹«¸æ¡¿VMware HGFS ÐÅϢй¶·ì϶(CVE-2025-22226)

°ä²¼¹¦·ò 2025-03-06

Ò»¡¢·ì϶¸ÅÊö


·ì϶Ãû³Æ

VMware HGFS ÐÅϢй¶·ì϶

CVE   ID

CVE-2025-22226

·ì϶ÀàÐÍ

ÐÅϢй¶

·¢ÏÖ¹¦·ò

2025-03-06

·ì϶ÆÀ·Ö

7.1

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

±¾µØ

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

ÒÑ·¢ÏÖ


VMware HGFS£¨Host-Guest File System£©ÊÇVMwareÌṩµÄÖ÷»ú-º£¶«Îļþ¹²Ïíϵͳ£¬£¬£¬ÓÃÓÚÔÚËÞÖ÷»ú£¨Host£©ºÍÐé¹¹»ú£¨Guest£©Ö®¼ä¸ßЧ´«ÊäÎļþ¡£¡£¡£HGFSÔÊÐíÓû§ÔÚÐé¹¹»¯»·¾³ÖÐÎÞ·ì½Ó¼û¹²ÏíĿ¼£¬£¬£¬¼ò»¯Êý¾Ý»¥»»£¬£¬£¬Ìá¸ß²Ù×÷·½±ãÐÔ¡£¡£¡£¸ÃÖ°ÄÜÖØÒªÓÃÓÚVMware Workstation¡¢FusionºÍESXi¡£¡£¡£


2025Äê3ÔÂ6ÈÕ£¬£¬£¬OG¶«·½ÌüVSRC¼à²âµ½VMware°ä²¼ÁËCVE-2025-22226Óйذ²È«²¼¸æ¡£¡£¡£²¼¸æÖ¸³ö£¬£¬£¬VMware ESXi¡¢WorkstationºÍFusion´æÔÚHGFS£¨Ö÷»ú-º£¶«Îļþϵͳ£©Ô½½ç¶ÁÈ¡·ì϶£¬£¬£¬¿ÉÄܵ¼ÖÂÐÅϢй¶¡£¡£¡£¾ß±¸Ðé¹¹»úÖÎÀíԱȨÏ޵Ĺ¥»÷Õß¿ÉÀûÓø÷ì϶£¬£¬£¬´ÓVMX¹ý³Ì¶ÁÈ¡ÄÚ´æÊý¾Ý£¬£¬£¬½ø¶ø»ñȡDZÔÚÃô¸ÐÐÅÏ¢¡£¡£¡£¸Ã·ì϶CVSSv3ÆÀ·Ö7.1£¬£¬£¬·ì϶µÈ¼¶Îª¸ßΣ¡£¡£¡£¡£


¶þ¡¢Ó°ÏìÁìÓò


VMware ESXi 8.0 < ESXi80U3d-24585383
VMware ESXi 8.0 < ESXi80U2d-24585300
VMware ESXi 7.0 < ESXi70U3s-24585291
VMware Workstation 17.x < 17.6.3
VMware Fusion 13.x < 13.6.3
VMware Cloud Foundation 5.x < Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x < Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x  < KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x < KB389385


Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


Vmware¹Ù·½ÒÑÔÚÈçÏ°汾ÖÐÐÞ¸´ÁË´Ë·ì϶¡£¡£¡£½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÉý¼¶£¬£¬£¬ÒÔ½â¾ö¸ÃÎÊÌâ¡£¡£¡£
VMware ESXi 8.0 >= ESXi80U3d-24585383
VMware ESXi 8.0 >= ESXi80U2d-24585300
VMware ESXi 7.0 >= ESXi70U3s-24585291
VMware Workstation 17.x >= 17.6.3
VMware Fusion 13.x >= 13.6.3
VMware Cloud Foundation 5.x >= Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x >= Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x >= KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x >= KB389385


ÏÂÔØÁ´½Ó£º£º£ºhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390/


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£¡£¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬Ï÷¼õϵͳ·ì϶£¬£¬£¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£¡£¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÖÆ£¬£¬£¬Åú¸Ä·À»ðǽսÊõ£¬£¬£¬¹Ø±Õ·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ£¬£¬£¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø£¬£¬£¬Ï÷¼õ¹¥»÷Ãæ¡£¡£¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ·£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£¡£¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬ÆôÓöà³É·ÖÈÏÖ¤»úÖƺÍ×îСȨÏÞ×¼Ôò£¬£¬£¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
https://nvd.nist.gov/vuln/detail/CVE-2025-22226