¡¾·ì϶¹«¸æ¡¿VMware TOCTOU¶ÑÒç¶Âí½Å(CVE-2025-22224)

°ä²¼¹¦·ò 2025-03-06

Ò»¡¢·ì϶¸ÅÊö


·ìϼûû³Æ

VMware TOCTOU¶ÑÒç¶Âí½Å

CVE   ID

CVE-2025-22224

·ì϶ÀàÐÍ

ǰÌᾺÕù

·¢ÏÖ¹¦·ò

2025-03-06

·ì϶ÆÀ·Ö

9.3

·ì϶µÈ¼¶

ÑϳÁ

¹¥»÷ÏòÁ¿

±¾µØ

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

ÒÑ·¢ÏÖ


VMware ESXi/WorkstationÊÇVMwareÌṩµÄÐé¹¹»¯½â¾ö¹æ»® £¬ÆäÖÐESXiÓÃÓÚÊý¾ÝÖÐÐĺͷþÎñÆ÷Ðé¹¹»¯ £¬Ö§³Ö¸ß»úÄÜÐé¹¹»úÖÎÀí £¬¶øWorkstationÖØÒªÃæÏòÓ×ÎҺͿª·¢Õß £¬ÓÃÓÚ±¾µØÐé¹¹»¯²âÊÔ¡£Á½Õß¾ùÌṩ׳´óµÄ¸ôÀëÓë×ÊÔ´ÖÎÀíÄÜÁ¦ £¬µ«¹²Ïí²¿Ãŵײã×é¼þ £¬Òò¶ø¿ÉÄÜÊܵ½Ò»ÑùµÄ°²È«·ì϶ӰÏì¡£


2025Äê3ÔÂ6ÈÕ £¬mansion88Ã÷Éý¼¯ÍÅVSRC¼à²âµ½VMware°ä²¼ÁËCVE-2025-22224Óйذ²È«²¼¸æ¡£²¼¸æÖ¸³ö £¬VMware ESXiºÍWorkstation´æÔÚTOCTOU£¨Time-of-Check Time-of-Use £¬²é³­-ʹÓÃʱÐò¾ºÕù£©·ì϶ £¬µ¼Ö¶ÑÒç³ö²¢´¥·¢Ô½½çдÈë¡£¹¥»÷ÕßÈô¾ß±¸Ðé¹¹»ú±¾µØÖÎÀíԱȨÏÞ £¬¿ÉÀûÓø÷ì϶ÔÚËÞÖ÷»úÉÏÒÔVMX¹ý³ÌȨÏÞÖ´ÐдúÂë¡£¸Ã·ì϶CVSSv3ÆÀ·Ö9.3 £¬·ì϶µÈ¼¶ÎªÑϳÁ¡£


¶þ¡¢Ó°ÏìÁìÓò


VMware ESXi 8.0 < ESXi80U3d-24585383
VMware ESXi 8.0 < ESXi80U2d-24585300
VMware ESXi 7.0 < ESXi70U3s-24585291
VMware Workstation 17.x < 17.6.3
VMware Cloud Foundation 5.x < Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x < Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x  < KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x < KB389385

Èý¡¢°²È«´ëÊ©


3.1 Éý¼¶°æ±¾


Vmware¹Ù·½ÒÑÔÚÈçϰ汾Öн¨¸´ÁË´Ë·ì϶¡£½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÉý¼¶ £¬ÒÔ½â¾ö¸ÃÎÊÌâ¡£
VMware ESXi 8.0 >= ESXi80U3d-24585383
VMware ESXi 8.0 >= ESXi80U2d-24585300
VMware ESXi 7.0 >= ESXi70U3s-24585291
VMware Workstation 17.x >= 17.6.3
VMware Cloud Foundation 5.x >= Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x >= Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x >= KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x >= KB389385


ÏÂÔØÁ´½Ó£ºhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390/


3.2 һʱ´ëÊ©


ÔÝÎÞ¡£


3.3 ͨÓý¨Òé


? ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡ £¬Ï÷¼õϵͳ·ì϶ £¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ¡£
¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔì £¬Åú¸Ä·À»ðǽսÊõ £¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ £¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø £¬Ï÷¼õ¹¥»÷Ãæ¡£
ʹÓÃÆóÒµ¼¶°²È«²úÆ· £¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ¡£
¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí £¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò £¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È¡£
ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä¡£


3.4 ²Î¿¼Á´½Ó


https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
https://nvd.nist.gov/vuln/detail/CVE-2025-22224