Chinese-speaking threat actors are suspected of exploiting a severe vulnerability in VMware ESXi, a virtual machine management software, potentially as early as February 2024. This sophisticated attack chain, observed in December 2025, began with a compromised SonicWall VPN appliance and aimed to achieve a virtual machine (VM) escape. Cybersecurity firm Huntress halted the attack before its final ransomware deployment phase, highlighting the advanced capabilities of the perpetrators.
The attack leveraged three VMware vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) that were disclosed as zero-days by Broadcom in March 2025. These vulnerabilities, with CVSS scores ranging from 7.1 to 9.3, allowed threat actors with administrative privileges to leak memory from the Virtual Machine Executable (VMX) process or execute code as the VMX process. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) subsequently added these flaws to its Known Exploited Vulnerabilities (KEV) catalog due to evidence of active exploitation.
Advanced VMware ESXi Exploit Chain Uncovered
Researchers at Huntress analyzed a toolkit associated with this activity, noting the presence of simplified Chinese strings within its development paths, including a folder translated as “All version escape – delivery.” This, coupled with the exploited zero-day vulnerabilities, suggests a well-resourced developer likely operating in a Chinese-speaking region. The exploit’s behavior, including its use of the Host-Guest File System (HGFS) for information leakage and the Virtual Machine Communication Interface (VMCI) for memory corruption, underlines how effectively it breaches VMware’s virtualized environments.
The exploit toolkit is multi-component, orchestrated by a file named “exploit.exe,” also known as MAESTRO. This orchestrator utilizes embedded binaries to disable VMware’s guest-side VMCI drivers and load an unsigned kernel driver, MyDriver.sys, into kernel memory. This driver is responsible for identifying the specific ESXi version and triggering the exploits for CVE-2025-22226 and CVE-2025-22224. Subsequently, three payloads are written directly into the VMX process memory.
Payloads and VM Escape Mechanism
The injected payloads include Stage 1 shellcode to prepare the VMX sandbox escape environment, Stage 2 shellcode to establish a foothold on the ESXi host, and VSOCKpuppet, a 64-bit ELF backdoor. This backdoor provides persistent remote access to the ESXi host and communicates via VSOCK (Virtual Sockets) on port 10000. The exploit achieves the VM escape by overwriting a function pointer within the VMX process. After saving the original pointer, it replaces it with the shellcode’s address. A VMCI message is then sent to the host to trigger VMX, causing it to follow the corrupted pointer and execute the attacker’s shellcode instead of legitimate code. This final stage is associated with CVE-2025-22225, an arbitrary write vulnerability enabling sandbox escape.
The threat actors employed a “client.exe” (also known as GetShell Plugin) to interact with the compromised ESXi host from a guest Windows VM. This client communicates over VSOCK, bypassing traditional network monitoring entirely and significantly hindering detection. The PDB path embedded in the client binary indicates it may have been developed as early as November 2023. The GetShell Plugin, delivered as a ZIP archive, offers capabilities to download files from ESXi, upload files to ESXi, and execute shell commands on the hypervisor.
The exact attribution of the toolkit remains unclear. However, the use of simplified Chinese, the attack’s complexity, and the exploitation of zero-days prior to public disclosure strongly indicate a well-funded developer operating within a Chinese-speaking region, according to Huntress. This intrusion represents a highly sophisticated, multi-stage attack aiming to subvert virtual machine isolation and gain complete control of the ESXi hypervisor from within a guest VM, a scenario that poses significant risks to virtualized infrastructure.
The ongoing use of sophisticated VM escape techniques, particularly those leveraging previously undisclosed vulnerabilities, emphasizes the critical need for continuous monitoring and rapid patching of virtualized environments. Organizations utilizing VMware ESXi should prioritize applying the latest security updates and fortify their network defenses to mitigate the risk of similar advanced persistent threats. The effectiveness of VSOCK for covert communication also points to a growing trend among threat actors of evading traditional security measures, suggesting that future attacks may increasingly focus on in-band communication and hypervisor-level compromise.
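The write-up names several observable indicators of this chain: the exploit.exe (MAESTRO) orchestrator, the unsigned MyDriver.sys kernel driver, the guest-side VMCI driver being disabled, the client.exe (GetShell Plugin) and the VSOCKpuppet listener on VSOCK port 10000. The following is an added example, not code from Huntress or from the article, of a small offline detection routine that runs those checks over constructed event records. The event schema (kind, host and detail keys) and the sample events are assumptions made for this example and do not correspond to a real Sysmon or ESXi log format; file names are treated as weak signals because they are trivially renamed, while the driver, VMCI and VSOCK behaviours are rated higher.

```python
"""
Added example (not from Huntress or the original article): offline
detection of the guest- and host-side indicators the write-up names,
run over constructed event records with an assumed schema.
"""
import ntpath
from dataclasses import dataclass

# Indicators taken from the article. Tool file names are weak signals
# (easily renamed); the driver, VMCI and VSOCK behaviours are stronger.
KNOWN_TOOLS = {"exploit.exe", "client.exe"}   # MAESTRO, GetShell Plugin
KNOWN_DRIVER = "mydriver.sys"
BACKDOOR_VSOCK_PORT = 10000                   # VSOCKpuppet listener


@dataclass(frozen=True)
class Event:
    kind: str     # driver_load | service_change | process_create | vsock_listen
    host: str
    detail: dict  # assumed keys, see each rule


@dataclass(frozen=True)
class Finding:
    host: str
    rule: str
    severity: str
    evidence: str


def check_driver_load(ev: Event):
    """Unsigned kernel driver load; the known driver name raises severity."""
    if ev.kind != "driver_load" or ev.detail.get("signed", True):
        return None
    name = ntpath.basename(ev.detail["image"]).lower()
    severity = "high" if name == KNOWN_DRIVER else "medium"
    return Finding(ev.host, "unsigned-kernel-driver", severity, ev.detail["image"])


def check_vmci_disabled(ev: Event):
    """Guest-side VMCI/VSOCK driver stopped or disabled (MAESTRO does this first)."""
    if ev.kind != "service_change":
        return None
    svc = ev.detail.get("service", "").lower()
    state = ev.detail.get("state")
    if svc in {"vmci", "vsock"} and state in {"stopped", "disabled"}:
        return Finding(ev.host, "guest-vmci-driver-disabled", "medium", f"{svc} -> {state}")
    return None


def check_tool_name(ev: Event):
    """Process launched under one of the tool names the article reports."""
    if ev.kind != "process_create":
        return None
    name = ntpath.basename(ev.detail["image"]).lower()
    if name in KNOWN_TOOLS:
        return Finding(ev.host, "known-tool-name", "medium", ev.detail["image"])
    return None


def check_vsock_listener(ev: Event):
    """VSOCK listener on the VSOCKpuppet port on an ESXi host."""
    if ev.kind != "vsock_listen" or ev.detail.get("port") != BACKDOOR_VSOCK_PORT:
        return None
    return Finding(ev.host, "vsock-listener-port-10000", "high",
                   f"process {ev.detail.get('process')}")


RULES = (check_driver_load, check_vmci_disabled, check_tool_name, check_vsock_listener)


def detect(events):
    """Run every rule over every event; findings come back in event order."""
    findings = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit is not None:
                findings.append(hit)
    return findings


def summarize(findings):
    """Map host -> list of rule names that fired, in order of occurrence."""
    out = {}
    for f in findings:
        out.setdefault(f.host, []).append(f.rule)
    return out


# Constructed sample telemetry: one guest showing the full chain, one ESXi
# host with the backdoor listener, and one clean guest as a control.
SAMPLE_EVENTS = [
    Event("process_create", "guest-win-01", {"image": r"C:\Users\Public\exploit.exe"}),
    Event("service_change", "guest-win-01", {"service": "vmci", "state": "stopped"}),
    Event("driver_load", "guest-win-01", {"image": r"C:\Windows\Temp\MyDriver.sys", "signed": False}),
    Event("vsock_listen", "esxi-host-07", {"port": 10000, "process": "vmx"}),
    Event("process_create", "guest-win-02", {"image": r"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"}),
    Event("driver_load", "guest-win-02", {"image": r"C:\Windows\System32\drivers\vmci.sys", "signed": True}),
]

if __name__ == "__main__":
    for host, rules in summarize(detect(SAMPLE_EVENTS)).items():
        print(host, rules)
```

In practice the three guest-side findings on one machine within a short window (tool launch, VMCI driver stopped, unsigned driver loaded) are the useful correlation; a single medium finding on its own is noisy, and the VSOCK listener check only helps if the host-side telemetry is collected at all, which is exactly the gap the article's "bypassing traditional network monitoring" remark describes.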