漏洞风险提示（20250206)

发表于 2025-2-6 09:50

免责声明：以下内容原文来自互联网的公共方式，仅用于有限分享，译文内容不代表安天实验室观点，因此第三方对以下内容进行分享、传播等行为，以及所带来的一切后果与译者和安天实验室无关。以下内容亦不得用于任何商业目的，若产生法律责任，译者与安天实验室一律不予承担。

1 Veeam远程代码执行漏洞（CVE-2025-23114）
一、漏洞描述：

      Veeam 通过备份、恢复、安全和智能功能增强数据弹性，释放数据在云、虚拟、物理和 SaaS之间移动。漏洞允许攻击者执行中间人（MitM）攻击，可能获得受影响设备服务器的 root 级别权限。
二、风险等级：
      高
三、影响范围：
      Veeam Backup for Salesforce <= 3.1
      Veeam Backup for Nutanix AHV = 5.0,5.1
      Veeam Backup for AWS = 6a,7
      Veeam Backup for Microsoft Azure = 5a,6
      Veeam Backup for Google Cloud = 4,5
      Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization = 3,4.0,4.1
四、修复建议：
      目前厂商已发布升级补丁以修复漏洞，补丁获取链接：
      https://www.veeam.com/kb4712

2 Cosmos安全网关漏洞（CVE-2025-23214）
一、漏洞描述：

      Cosmos 充当应用程序的安全网关以及服务器管理器，为用户提供自行托管家庭服务器的能力。通过监控登录返回的错误码，可以判断数据库中是否存在用户。
二、风险等级：
      高
三、影响范围：
      Cosmos-Server < 0.17.7
四、修复建议：
      目前厂商已发布升级补丁以修复漏洞，补丁获取链接：
      https://github.com/azukaar/Cosmos-Server/releases/tag/v0.17.7

3 Microsoft Windows Telephony Service远程代码执行漏洞（CVE-2025-21248）
一、漏洞描述：

      Microsoft Windows Telephony Service为电话应用程序编程接口(TAPI) 提供支持，TAPI 将远程通信与操作系统集成。Microsoft Windows Telephony Service存在远程代码执行漏洞，攻击者可利用该漏洞在目标主机上执行代码。
二、风险等级：
      高
三、影响范围：
      Microsoft Windows Server 2025 (Server Core installation
      Microsoft Windows Server 2025
      Microsoft Windows Server 2022, 23H2 Edition (Server Cor
      Microsoft Windows Server 2022 (Server Core installation
      Microsoft Windows Server 2022
      Microsoft Windows Server 2019 (Server Core Installation
      Microsoft Windows Server 2019
      Microsoft Windows Server 2016 (Server Core Installation
      Microsoft Windows Server 2016
      Microsoft Windows Server 2012 R2 (Server Core installat
      Microsoft Windows Server 2012 R2
      Microsoft Windows Server 2012 (Server Core installation
      Microsoft Windows Server 2012
      Microsoft Windows Server 2008 R2 for x64-based Systems
      Microsoft Windows Server 2008 R2 for x64-based Systems
      Microsoft Windows Server 2008 for x64-based Systems Ser
      Microsoft Windows Server 2008 for x64-based Systems Ser
      Microsoft Windows Server 2008 for 32-bit Systems Servic
      Microsoft Windows Server 2008 for 32-bit Systems Servic
      Microsoft Windows 10 for x64-based Systems
      Microsoft Windows 10 for 32-bit Systems
      Microsoft Windows 10 22H2 for x64-based Systems
      Microsoft Windows 10 22H2 for ARM64-based Systems
      Microsoft Windows 10 22H2 for 32-bit Systems
      Microsoft Windows 10 21H2 for x64-based Systems
      Microsoft Windows 10 21H2 for ARM64-based Systems
      Microsoft Windows 10 21H2 for 32-bit Systems
      Microsoft Windows 10 1809 for x64-based Systems
      Microsoft Windows 10 1809 for 32-bit Systems
      Microsoft Windows 10 1607 for x64-based Systems
      Microsoft Windows 10 1607 for 32-bit Systems
      Microsoft Windows 11 24H2 for x64-based Systems
      Microsoft Windows 11 24H2 for ARM64-based Systems
      Microsoft Windows 11 23H2 for x64-based Systems
      Microsoft Windows 11 23H2 for ARM64-based Systems
      Microsoft Windows 11 22H2 for x64-based Systems
      Microsoft Windows 11 22H2 for ARM64-based Systems
四、修复建议：
      目前厂商已发布升级补丁以修复漏洞，补丁获取链接：
      https://portal.msrc.microsoft.co ... sory/CVE-2025-21248

4 Microsoft Windows Message Queuing信息泄露漏洞（CVE-2025-21220）
一、漏洞描述：

      Microsoft Windows Message Queuing是微软提供的一项服务，用于在分布式系统中实现可靠的消息传递。Microsoft Windows Message Queuing存在信息泄露漏洞，攻击者可通过与其他漏洞结合的方式利用该漏洞执行任意代码。
二、风险等级：
      高
三、影响范围：
      Microsoft Windows Server 2025 (Server Core installation
      Microsoft Windows Server 2025
      Microsoft Windows Server 2022, 23H2 Edition (Server Cor
      Microsoft Windows Server 2022 (Server Core installation
      Microsoft Windows Server 2022
      Microsoft Windows Server 2019 (Server Core Installation
      Microsoft Windows Server 2019
      Microsoft Windows Server 2016 (Server Core Installation
      Microsoft Windows Server 2016
      Microsoft Windows Server 2012 R2 (Server Core installat
      Microsoft Windows Server 2012 R2
      Microsoft Windows Server 2012 (Server Core installation
      Microsoft Windows Server 2012
      Microsoft Windows Server 2008 R2 for x64-based Systems
      Microsoft Windows Server 2008 R2 for x64-based Systems
      Microsoft Windows Server 2008 for x64-based Systems Ser
      Microsoft Windows Server 2008 for x64-based Systems Ser
      Microsoft Windows Server 2008 for 32-bit Systems Servic
      Microsoft Windows Server 2008 for 32-bit Systems Servic
      Microsoft Windows 10 for x64-based Systems
      Microsoft Windows 10 for 32-bit Systems
      Microsoft Windows 10 22H2 for x64-based Systems
      Microsoft Windows 10 22H2 for ARM64-based Systems
      Microsoft Windows 10 22H2 for 32-bit Systems
      Microsoft Windows 10 21H2 for x64-based Systems
      Microsoft Windows 10 21H2 for ARM64-based Systems
      Microsoft Windows 10 21H2 for 32-bit Systems
      Microsoft Windows 10 1809 for x64-based Systems
      Microsoft Windows 10 1809 for 32-bit Systems
      Microsoft Windows 10 1607 for x64-based Systems
      Microsoft Windows 10 1607 for 32-bit Systems
      Microsoft Windows 11 24H2 for x64-based Systems
      Microsoft Windows 11 24H2 for ARM64-based Systems
      Microsoft Windows 11 23H2 for x64-based Systems
      Microsoft Windows 11 23H2 for ARM64-based Systems
      Microsoft Windows 11 22H2 for x64-based Systems
      Microsoft Windows 11 22H2 for ARM64-based Systems
四、修复建议：
      目前厂商已发布升级补丁以修复漏洞，补丁获取链接：
      https://portal.msrc.microsoft.co ... sory/CVE-2025-21220

		自动登录	找回密码
密码			注册创意安天