Inside the ESXi VM Escape Campaign (2025–2026)


In late 2025, Huntress identified a sophisticated intrusion campaign targeting VMware ESXi hypervisors, marking one of the most advanced cases of virtual machine (VM) escape exploitation seen in the wild. The attackers leveraged a zero-day exploit toolkit to break VM isolation, gain control over the ESXi host, and deploy a covert VSOCK-based backdoor that evaded network detection entirely. Initial access originated from compromised SonicWall VPN credentials, and the toolkit was capable of compromising 155 ESXi builds, spanning versions 5.1 through 8.0, including end-of-life systems.

Severity: High

The Exploit Toolkit

  • The toolkit, which includes an orchestrator named MAESTRO, was potentially developed as a zero-day exploit over a year before public disclosure. It targets specific features like clipboard sharing and drag-and-drop to bypass Virtual Machine Executable (VMX) sandboxing.
  • Vulnerabilities Leveraged: The attack is assessed to chain three specific CVEs (CVE-2025-22226, CVE-2025-22224, and CVE-2025-22225) to achieve memory leaks, out-of-bounds writes, and a sandbox escape to the kernel.
  • Broad Compatibility: The exploit supports 155 different ESXi builds, spanning versions 5.1 through 8.0.
  • Orchestration (MAESTRO): The exploit.exe binary manages the attack by disabling legitimate VMware drivers to gain exclusive hardware access and using a Kernel Driver Utility (KDU) to load an unsigned malicious driver (MyDriver.sys) into kernel memory.

Post-Exploitation And Backdoor

  • Once the hypervisor is compromised, the attacker deploys a persistent Linux-based backdoor called VSOCKpuppet.
  • Stealthy Communication: The backdoor uses VSOCK (Virtual Sockets) for communication between the guest VM and the hypervisor. This traffic is invisible to traditional network monitoring tools, firewalls, and IDS.
  • Capabilities: The backdoor supports file transfers (GET/POST) and arbitrary shell command execution with root privileges.
  • Operational Security: To avoid detection, the toolkit restores modified configuration files and legitimate drivers after the exploit is successful.

Threat Actor Profile

The threat actor is assessed to be a well-resourced developer likely operating in a Chinese-speaking region. Evidence for this includes:

  • Simplified Chinese strings in development paths, such as a folder translated as “All version escape – delivery”.
  • PDB paths with Chinese text.
  • Modified driver headers labeled “XLab.”

Recommendations

  1. Upgrade ESXi hosts to the latest supported build.
  2. Decommission or isolate all ESXi 6.x and earlier systems, which are end-of-life and remain unpatched.
  3. Restrict management access to ESXi and vCenter interfaces. Expose only via a dedicated management VLAN or VPN.
  4. Harden VPN appliances (especially SonicWall): enforce MFA for all remote access, rotate all privileged credentials used on VPN concentrators, and review logs for anomalous logins or unknown IP sources.
  5. Run periodic inspections on ESXi hosts: lsof -a | grep SOCKET_VMCI. Flag unknown processes establishing VMCI/VSOCK connections. Investigate processes without binary names or with anomalous file descriptors ({no file name} entries).
  6. Create detections for KDU.exe execution. Command-line pattern: kdu.exe -prv 1 -map MyDriver.sys. This indicates an attempt to bypass Driver Signature Enforcement.
  7. Block the IOCs at their respective controls. The IOC collection is published at https://www.virustotal.com/gui/collection/cdcdf362c2bed5a5af6c0f7037fa444425de6109c43734d530397746d2a0da6f/iocs
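As an added defender-side example (not code from this advisory or from Huntress), the script below turns recommendations 5 and 6 into a small triage routine: it parses constructed sample lsof output, flags VMCI/VSOCK sockets held by worlds outside an allowlist or with no binary name, flags descriptors that resolve to {no file name}, and matches the quoted KDU command-line pattern. The pipe-delimited "Cartel | World name | Type | fd | Description" layout and the `vmx` allowlist are assumptions about the host, not facts from the advisory.

```python
import re
from dataclasses import dataclass

# Constructed sample of ESXi `lsof` output. The pipe-delimited
# "Cartel | World name | Type | fd | Description" layout is an assumption
# about the host's lsof format; adjust parse_lsof() for your build.
SAMPLE_LSOF = """\
Cartel | World name | Type | fd | Description
2098862 | vmx | SOCKET_VMCI | 7 | VSOCK 1234:5678
2099001 | hostd | FILE | 12 | /var/log/hostd.log
2101443 |  | SOCKET_VMCI | 4 | VSOCK 4321:2
2101443 |  | FILE | 5 | {no file name}
"""

@dataclass
class Finding:
    cartel: str
    world: str
    reason: str

def parse_lsof(text):
    """Split each data row into its five columns; the header row is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = [p.strip() for p in line.split("|")]
        if len(parts) == 5:
            rows.append(parts)
    return rows

def flag_vmci(text, allowlist=("vmx",)):
    """Code form of the advisory's `lsof -a | grep SOCKET_VMCI` inspection:
    flag VMCI sockets held by worlds outside the (assumed) allowlist or with
    no binary name, and any descriptor backed by `{no file name}`."""
    findings = []
    for cartel, world, ftype, fd, desc in parse_lsof(text):
        label = world or "<no binary name>"
        if ftype == "SOCKET_VMCI" and world not in allowlist:
            findings.append(Finding(cartel, label, f"VMCI socket fd {fd} from unexpected world"))
        if "{no file name}" in desc:
            findings.append(Finding(cartel, label, f"fd {fd} has no backing file"))
    return findings

# Matches the KDU invocation quoted in recommendation 6 (kdu.exe -prv 1 -map MyDriver.sys);
# run this over process-creation telemetry from the Windows guest, not the ESXi host.
KDU_PATTERN = re.compile(r"\bkdu\.exe\b.*-prv\s+\d+.*-map\s+\S+\.sys", re.IGNORECASE)

def is_kdu_driver_load(cmdline):
    """True when a command line looks like KDU mapping an unsigned driver."""
    return bool(KDU_PATTERN.search(cmdline))
```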

Source:

  • https://www.huntress.com/blog/esxi-vm-escape-exploit
