¡¾Îó²îͨ¸æ¡¿VMware TOCTOU¶ÑÒç³öÎó²î(CVE-2025-22224)

Ðû²¼Ê±¼ä 2025-03-06

Ò»¡¢Îó²î¸ÅÊö


Îó²îÃû³Æ

VMware TOCTOU¶ÑÒç³öÎó²î

CVE   ID

CVE-2025-22224

Îó²îÀàÐÍ

Ìõ¼þ¾ºÕù

·¢Ã÷ʱ¼ä

2025-03-06

Îó²îÆÀ·Ö

9.3

Îó²îÆ·¼¶

ÑÏÖØ

¹¥»÷ÏòÁ¿

ÍâµØ

ËùÐèȨÏÞ

ÎÞ

ʹÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

ÒÑ·¢Ã÷


VMware ESXi/WorkstationÊÇVMwareÌṩµÄÐéÄ⻯½â¾ö¼Æ»®£¬£¬£¬ÆäÖÐESXiÓÃÓÚÊý¾ÝÖÐÐĺÍЧÀÍÆ÷ÐéÄ⻯£¬£¬£¬Ö§³Ö¸ßÐÔÄÜÐéÄâ»úÖÎÀí£¬£¬£¬¶øWorkstationÖ÷ÒªÃæÏòСÎÒ˽¼ÒºÍ¿ª·¢Õߣ¬£¬£¬ÓÃÓÚÍâµØÐéÄ⻯²âÊÔ¡£¡£¡£¡£¡£¡£Á½Õß¾ùÌṩǿʢµÄ¸ôÀëÓë×ÊÔ´ÖÎÀíÄÜÁ¦£¬£¬£¬µ«¹²Ïí²¿·Öµ×²ã×é¼þ£¬£¬£¬Òò´Ë¿ÉÄÜÊܵ½ÏàͬµÄÇå¾²Îó²îÓ°Ïì¡£¡£¡£¡£¡£¡£


2025Äê3ÔÂ6ÈÕ£¬£¬£¬¼øºÚµ£±£Íø¼¯ÍÅVSRC¼à²âµ½VMwareÐû²¼ÁËCVE-2025-22224Ïà¹ØÇ徲ͨ¸æ¡£¡£¡£¡£¡£¡£Í¨¸æÖ¸³ö£¬£¬£¬VMware ESXiºÍWorkstation±£´æTOCTOU£¨Time-of-Check Time-of-Use£¬£¬£¬¼ì²é-ʹÓÃʱÐò¾ºÕù£©Îó²î£¬£¬£¬µ¼Ö¶ÑÒç³ö²¢´¥·¢Ô½½çдÈë¡£¡£¡£¡£¡£¡£¹¥»÷ÕßÈô¾ß±¸ÐéÄâ»úÍâµØÖÎÀíԱȨÏÞ£¬£¬£¬¿ÉʹÓøÃÎó²îÔÚËÞÖ÷»úÉÏÒÔVMXÀú³ÌȨÏÞÖ´ÐдúÂë¡£¡£¡£¡£¡£¡£¸ÃÎó²îCVSSv3ÆÀ·Ö9.3£¬£¬£¬Îó²îÆ·¼¶ÎªÑÏÖØ¡£¡£¡£¡£¡£¡£


¶þ¡¢Ó°Ïì¹æÄ£


VMware ESXi 8.0 < ESXi80U3d-24585383
VMware ESXi 8.0 < ESXi80U2d-24585300
VMware ESXi 7.0 < ESXi70U3s-24585291
VMware Workstation 17.x < 17.6.3
VMware Cloud Foundation 5.x < Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x < Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x  < KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x < KB389385

Èý¡¢Çå¾²²½·¥


3.1 Éý¼¶°æ±¾


Vmware¹Ù·½ÒÑÔÚÈçÏ°汾ÖÐÐÞ¸´ÁË´ËÎó²î¡£¡£¡£¡£¡£¡£½¨ÒéÊÜÓ°ÏìµÄÓû§¾¡¿ìÉý¼¶£¬£¬£¬ÒÔ½â¾ö¸ÃÎÊÌâ¡£¡£¡£¡£¡£¡£
VMware ESXi 8.0 >= ESXi80U3d-24585383
VMware ESXi 8.0 >= ESXi80U2d-24585300
VMware ESXi 7.0 >= ESXi70U3s-24585291
VMware Workstation 17.x >= 17.6.3
VMware Cloud Foundation 5.x >= Òì²½²¹¶¡ESXi80U3d-24585383
VMware Cloud Foundation 4.5.x >= Òì²½²¹¶¡ESXi70U3s-24585291
VMware Telco Cloud Platform 5.x, 4.x, 3.x, 2.x >= KB389385
VMware Telco Cloud Infrastructure 3.x, 2.x >= KB389385


ÏÂÔØÁ´½Ó£ºhttps://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390/


3.2 ÔÝʱ²½·¥


ÔÝÎÞ¡£¡£¡£¡£¡£¡£


3.3 ͨÓý¨Òé


? °´ÆÚ¸üÐÂϵͳ²¹¶¡£¡£¡£¡£¡£¡£¬£¬£¬ïÔ̭ϵͳÎó²î£¬£¬£¬ÌáÉýЧÀÍÆ÷µÄÇå¾²ÐÔ¡£¡£¡£¡£¡£¡£
ÔöǿϵͳºÍÍøÂçµÄ»á¼û¿ØÖÆ£¬£¬£¬Ð޸ķÀ»ðǽսÂÔ£¬£¬£¬¹Ø±Õ·ÇÐëÒªµÄÓ¦Óö˿ڻòЧÀÍ£¬£¬£¬ïÔÌ­½«Î£ÏÕЧÀÍ£¨ÈçSSH¡¢RDPµÈ£©Ì»Â¶µ½¹«Íø£¬£¬£¬ïÔÌ­¹¥»÷Ãæ¡£¡£¡£¡£¡£¡£
ʹÓÃÆóÒµ¼¶Çå¾²²úÆ·£¬£¬£¬ÌáÉýÆóÒµµÄÍøÂçÇå¾²ÐÔÄÜ¡£¡£¡£¡£¡£¡£
ÔöǿϵͳÓû§ºÍȨÏÞÖÎÀí£¬£¬£¬ÆôÓöàÒòËØÈÏÖ¤»úÖƺÍ×îСȨÏÞÔ­Ôò£¬£¬£¬Óû§ºÍÈí¼þȨÏÞÓ¦¼á³ÖÔÚ×îµÍÏ޶ȡ£¡£¡£¡£¡£¡£
ÆôÓÃÇ¿ÃÜÂëÕ½ÂÔ²¢ÉèÖÃΪ°´ÆÚÐ޸ġ£¡£¡£¡£¡£¡£


3.4 ²Î¿¼Á´½Ó


https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
https://nvd.nist.gov/vuln/detail/CVE-2025-22224