¡¾Îó²îͨ¸æ¡¿VMware HGFS ÐÅϢй¶Îó²î(CVE-2025-22226)

Ðû²¼Ê±¼ä 2025-03-06

Ò»¡¢Îó²î¸ÅÊö


Îó²îÃû³Æ

VMware HGFS ÐÅϢй¶Îó²î

CVE   ID

CVE-2025-22226

Îó²îÀàÐÍ

ÐÅϢй¶

·¢Ã÷ʱ¼ä

2025-03-06

Îó²îÆÀ·Ö

7.1

Îó²îÆ·¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍâµØ

ËùÐèȨÏÞ

ÎÞ

ʹÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

ÒÑ·¢Ã÷


VMware HGFS£¨Host-Guest File System£©ÊÇVMwareÌṩµÄÖ÷»ú-À´±öÎļþ¹²Ïíϵͳ£¬£¬£¬£¬£¬£¬ÓÃÓÚÔÚËÞÖ÷»ú£¨Host£©ºÍÐéÄâ»ú£¨Guest£©Ö®¼ä¸ßЧ´«ÊäÎļþ¡£¡£¡£¡£¡£HGFSÔÊÐíÓû§ÔÚÐéÄ⻯ÇéÐÎÖÐÎÞ·ì»á¼û¹²ÏíĿ¼£¬£¬£¬£¬£¬£¬¼ò»¯Êý¾Ý½»Á÷£¬£¬£¬£¬£¬£¬Ìá¸ß²Ù×÷±ãµ±ÐÔ¡£¡£¡£¡£¡£¸Ã¹¦Ð§Ö÷ÒªÓÃÓÚVMware Workstation¡¢FusionºÍESXi¡£¡£¡£¡£¡£


2025Äê3ÔÂ6ÈÕ£¬£¬£¬£¬£¬£¬¿­·¢k8VSRC¼à²âµ½VMwareÐû²¼ÁËCVE-2025-22226Ïà¹ØÇ徲ͨ¸æ¡£¡£¡£¡£¡£Í¨¸æÖ¸³ö£¬£¬£¬£¬£¬£¬VMware ESXi¡¢WorkstationºÍFusion±£´æHGFS£¨Ö÷»ú-À´±öÎļþϵͳ£©Ô½½ç¶ÁÈ¡Îó²î£¬£¬£¬£¬£¬£¬¿ÉÄܵ¼ÖÂÐÅϢй¶¡£¡£¡£¡£¡£¾ß±¸ÐéÄâ»úÖÎÀíԱȨÏ޵Ĺ¥»÷Õß¿ÉʹÓøÃÎó²î£¬£¬£¬£¬£¬£¬´ÓVMXÀú³Ì¶ÁÈ¡ÄÚ´æÊý¾Ý£¬£¬£¬£¬£¬£¬½ø¶ø»ñȡDZÔÚÃô¸ÐÐÅÏ¢¡£¡£¡£¡£¡£¸ÃÎó²îCVSSv3ÆÀ·Ö7.1£¬£¬£¬£¬£¬£¬Îó²îÆ·¼¶Îª¸ßΣ¡£¡£¡£¡£¡£


¶þ¡¢Ó°Ïì¹æÄ£


VMware ESXi 8.0 < ESXi80U3d-24585383
VMware ESXi 8.0 < ESXi80U2d-24585300
VMware ESXi 7.0 < ESXi70U3s-24585291
VMware Workstation 17.x < 17.6.3
VMware Fusion 13.x < 13.6.3
VMware Cloud Foundation 5.x < Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x < Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x  < KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x < KB389385


Èý¡¢Çå¾²²½·¥


3.1 Éý¼¶°æ±¾


Vmware¹Ù·½ÒÑÔÚÈçÏ°汾ÖÐÐÞ¸´ÁË´ËÎó²î¡£¡£¡£¡£¡£½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÉý¼¶£¬£¬£¬£¬£¬£¬ÒÔ½â¾ö¸ÃÎÊÌâ¡£¡£¡£¡£¡£
VMware ESXi 8.0 >= ESXi80U3d-24585383
VMware ESXi 8.0 >= ESXi80U2d-24585300
VMware ESXi 7.0 >= ESXi70U3s-24585291
VMware Workstation 17.x >= 17.6.3
VMware Fusion 13.x >= 13.6.3
VMware Cloud Foundation 5.x >= Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x >= Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x >= KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x >= KB389385


ÏÂÔØÁ´½Ó£ºhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390/


3.2 ÔÝʱ²½·¥


ÔÝÎÞ¡£¡£¡£¡£¡£


3.3 ͨÓý¨Òé


? °´ÆÚ¸üÐÂϵͳ²¹¶¡£¬£¬£¬£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£¡£¡£¡£
ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£¡£¡£¡£¡£
ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£¡£¡£¡£
ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬£¬£¬£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£¡£¡£
ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
https://nvd.nist.gov/vuln/detail/CVE-2025-22226