近日，Broadcom　发布VMware ESXi存在三个严重漏洞（CVE-2025-22224、CVE-2025-22225、CVE-2025-22226）并得到Vmware确认。为避免您的业务受影响，建议您及时开展安全风险自查。

VMware ESXi是VMware开发的企业级虚拟机监控程序，用于硬件虚拟化。，ESXi不是安装在操作系统上的软件应用程序，而是直接安装在硬件上并且集成了重要的操作系统组件。VMware ESXi原名ESX，2010年ESX4.1版本发布后，VMware将ESX更名为ESXi。ESXi被广泛应用于数据中心、云架构平台等。

据描述，由于 VMware ESXi 的虚拟机通信接口存在条件竞争，导致存在缓冲区溢出漏洞，攻击者可以利用此漏洞操控任意内存读写，窃取内存中敏感数据、从虚拟机中突破限制控制 VMware ESXi 宿主机，威胁整个服务器安全。

漏洞影响的产品和版本：

VMware ESXi 8.0 未打 ESXi80U3d-24585383补丁

VMware ESXi 7.0 未打 ESXi70U3s-24585291补丁

以下产品也受该漏洞影响：

VMware Workstation 17.x < 17.6.3

VMware Fusion 13.x< 13.6.3

VMware Cloud Foundation 4.5.x, 5.x 未打 ESXi80U3d-24585383补丁

VMware Telco Cloud Platform 3.x, 2.x 未打 KB389385 补丁

资产测绘

据daydaymap数据显示互联网存在226,385个资产，国内风险资产分布情况如下，主要分布在国内沿海省份。

解决方案

1、临时缓解方案

① 限制网络访，配置ip白名单，限制指定来源IP访问；

② 部署针对 VMware ESXi 平台安全监控系统，确保及时检测响应异常行为。

2、升级修复方案，官方已发布漏洞修复补丁

ESXi 8.0 请更新至

① 8.0 Update 3d（build 24585383），补丁地址：

1caK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6@1k6h3y4Z5k6r3!0U0M7#2)9J5k6h3u0J5L8$3q4V1j5$3!0E0i4K6u0W2j5$3!0E0i4K6u0r3N6i4y4Q4x3V1k6W2L8W2)9J5c8Y4k6E0N6$3q4J5k6g2)9J5k6r3y4A6M7#2)9J5c8Y4k6K6M7r3S2W2M7X3g2Q4x3V1k6$3M7%4m8Z5k6i4u0W2i4K6u0r3z5q4)9J5k6o6m8Q4x3V1k6J5k6h3I4W2j5i4y4W2i4K6u0V1L8X3!0@1k6i4y4Q4x3V1k6W2M7%4S2A6i4K6u0V1N6i4m8V1j5i4c8W2i4K6u0V1j5h3&6V1i4K6u0V1M7r3q4@1j5$3S2Q4x3X3c8J5k6h3I4W2j5i4y4W2i4K6u0V1L8X3!0@1k6i4y4Q4x3V1k6$3M7%4m8Z5k6i4u0W2i4K6u0V1k6i4y4^5K9g2)9J5k6o6R3H3N6e0y4V1i4K6u0V1M7X3g2D9k6h3q4K6k6g2)9J5k6r3&6G2N6r3g2K6i4K6u0W2K9s2c8E0L8l9`.`.

② 8.0 Update 2d（build 24585300），补丁地址：

258K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6@1k6h3y4Z5k6r3!0U0M7#2)9J5k6h3u0J5L8$3q4V1j5$3!0E0i4K6u0W2j5$3!0E0i4K6u0r3N6i4y4Q4x3V1k6W2L8W2)9J5c8Y4k6E0N6$3q4J5k6g2)9J5k6r3y4A6M7#2)9J5c8Y4k6K6M7r3S2W2M7X3g2Q4x3V1k6$3M7%4m8Z5k6i4u0W2i4K6u0r3z5q4)9J5k6o6m8Q4x3V1k6J5k6h3I4W2j5i4y4W2i4K6u0V1L8X3!0@1k6i4y4Q4x3V1k6W2M7%4S2A6i4K6u0V1N6i4m8V1j5i4c8W2i4K6u0V1j5h3&6V1i4K6u0V1M7r3q4@1j5$3S2Q4x3X3c8J5k6h3I4W2j5i4y4W2i4K6u0V1L8X3!0@1k6i4y4Q4x3V1k6$3M7%4m8Z5k6i4u0W2i4K6u0V1k6i4y4^5K9g2)9J5k6o6R3H3N6e0u0V1i4K6u0V1M7X3g2D9k6h3q4K6k6g2)9J5k6r3&6G2N6r3g2K6i4K6u0W2K9s2c8E0L8l9`.`.

ESXi 7.0 请更新至

7.0 Update 3s（build 24585291），补丁地址：

341K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6@1k6h3y4Z5k6r3!0U0M7#2)9J5k6h3u0J5L8$3q4V1j5$3!0E0i4K6u0W2j5$3!0E0i4K6u0r3N6i4y4Q4x3V1k6W2L8W2)9J5c8Y4k6E0N6$3q4J5k6g2)9J5k6r3y4A6M7#2)9J5c8Y4k6K6M7r3S2W2M7X3g2Q4x3V1k6$3M7%4m8Z5k6i4u0W2i4K6u0r3y4#2)9J5k6o6m8Q4x3V1k6J5k6h3I4W2j5i4y4W2i4K6u0V1L8X3!0@1k6i4y4Q4x3V1k6W2M7%4S2A6i4K6u0V1N6i4m8V1j5i4c8W2i4K6u0V1j5h3&6V1i4K6u0V1M7r3q4@1j5$3S2Q4x3X3c8J5k6h3I4W2j5i4y4W2i4K6u0V1L8X3!0@1k6i4y4Q4x3V1k6$3M7%4m8Z5k6i4u0W2i4K6u0V1k6i4y4^5K9g2)9J5k6o6M7H3N6e0y4K6i4K6u0V1M7X3g2D9k6h3q4K6k6g2)9J5k6r3&6G2N6r3g2K6i4K6u0W2K9s2c8E0L8l9`.`.

参考链接

948K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6K6N6i4m8H3L8%4u0@1i4K6u0W2j5Y4u0G2j5h3c8U0L8$3#2Q4x3X3g2U0L8$3#2Q4x3V1k6%4k6h3u0Q4x3V1k6W2j5%4S2Q4x3V1k6K6N6i4m8H3L8%4u0@1i4K6u0V1j5$3!0F1N6r3g2F1N6q4)9J5k6r3&6G2N6r3W2X3K9h3y4S2N6r3W2G2L8W2)9J5c8W2)9J5k6q4)9J5c8X3g2^5N6r3g2J5L8X3q4D9i4K6u0r3j5$3!0F1N6r3g2F1N6q4)9J5c8W2y4W2j5H3`.`.

原文链接

[培训]科锐逆向工程师培训第53期2025年7月8日开班！