
Introduction
A newly uncovered cyber-espionage operation suggests that some threat actors are not merely fast adopters of zero-day vulnerabilities — they may be developing full exploit chains long before the rest of the world even knows those flaws exist. According to an in-depth investigation by Huntress, Chinese-speaking attackers leveraged a compromised SonicWall VPN device to deploy a sophisticated VMware ESXi virtual machine escape toolkit. Disturbingly, evidence indicates this toolkit may have been operational more than a year before VMware publicly disclosed the vulnerabilities it abused.
This case challenges long-held assumptions about vulnerability timelines, disclosure windows, and the true capabilities of well-resourced threat groups. It also raises urgent questions for enterprises that rely on ESXi-based virtualization for their most sensitive workloads.
Summary of the Original Findings
Early Exploitation Before Public Disclosure
In attacks observed in December 2025, threat actors exploited VMware ESXi systems using a virtual machine escape technique that aligns closely with three VMware vulnerabilities disclosed as zero-days in March 2025. Huntress analysts believe the exploit chain was already functional as early as February 2024, suggesting prior knowledge or independent discovery of the flaws.
The Vulnerabilities Involved
The suspected exploit chain revolves around three VMware ESXi vulnerabilities, one of which carries a critical severity rating:
CVE-2025-22226 – HGFS Information Leak
This vulnerability involves an out-of-bounds read in VMware’s Host-Guest File System (HGFS), allowing attackers to leak sensitive memory from the VMX process.
CVE-2025-22224 – VMCI Code Execution
Rated critical with a 9.3 severity score, this time-of-check to time-of-use (TOCTOU) flaw in the Virtual Machine Communication Interface (VMCI) enables out-of-bounds memory writes, leading to code execution within the VMX process.
CVE-2025-22225 – ESXi Sandbox Escape
This vulnerability allows arbitrary writes that enable attackers to escape the VMX sandbox and execute code at the ESXi kernel level, effectively compromising the hypervisor.
Broadcom’s Original Warning
When disclosing the vulnerabilities, Broadcom warned that attackers with administrative privileges could chain these issues together to escape a virtual machine and gain direct access to the ESXi hypervisor.
Evidence of Earlier Development
Huntress uncovered compelling clues embedded within the exploit binaries. Program Database (PDB) paths referenced directories named “2024_02_19,” implying active development over a year before public disclosure. Folder names translated from Chinese suggest the toolkit was designed as a full-version ESXi escape delivery mechanism, specifically targeting ESXi 8.0 Update 3.
Initial Access via SonicWall VPN
Investigators strongly believe the attackers gained initial access through a compromised SonicWall VPN appliance. Using stolen Domain Admin credentials, the attackers pivoted laterally via RDP, accessed domain controllers, staged data for exfiltration, and launched the VM escape exploit from inside a guest virtual machine.
Anatomy of the Exploit Toolkit
The toolkit is modular and highly sophisticated, consisting of several components working together:
MAESTRO Orchestrator
This Windows-based component coordinates the entire VM escape process. It disables VMware VMCI devices, loads an unsigned kernel driver using Known Driver Utilities (KDU), monitors exploit success, and restores system stability afterward.
MyDriver.sys Kernel Exploit
An unsigned kernel driver responsible for executing the VM escape. It handles ESXi version detection, memory leakage via HGFS, VMCI memory corruption, sandbox escape, and deployment of a persistent hypervisor-level backdoor.
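Loading an unsigned driver from a user-writable directory is the one step in this chain that ordinary Windows telemetry can see before the escape itself runs. As an added example, not code from Huntress or from the report, the Python below applies Sigma-style logic to Sysmon Event ID 6 ("Driver loaded") records: a load is flagged when Sysmon's `Signed` field is not `true` or `SignatureStatus` is not `Valid`, or when the driver image sits outside `%SystemRoot%\System32\drivers`. The log lines are constructed, the key=value flattening is an assumed forwarder format, and every file name except `MyDriver.sys` is a placeholder.

```python
import re

# Constructed Sysmon Event ID 6 ("Driver loaded") records flattened to
# key=value lines, as an assumed log-forwarder format. Field names
# (ImageLoaded, Signed, Signature, SignatureStatus) are Sysmon's own;
# the paths, times and vendor string are placeholders, not real telemetry.
SAMPLE_LOG = """\
EventID=6 UtcTime=2025-12-03 02:11:07.120 ImageLoaded=C:\\Windows\\System32\\drivers\\tcpip.sys Signed=true Signature=Microsoft Windows SignatureStatus=Valid
EventID=1 UtcTime=2025-12-03 02:14:38.000 Image=C:\\Users\\Public\\orchestrator.exe CommandLine=orchestrator.exe --run
EventID=6 UtcTime=2025-12-03 02:14:39.902 ImageLoaded=C:\\Users\\Public\\loader_drv.sys Signed=true Signature=Example Vendor Ltd SignatureStatus=Valid
EventID=6 UtcTime=2025-12-03 02:14:40.551 ImageLoaded=C:\\Users\\Public\\MyDriver.sys Signed=false Signature=- SignatureStatus=Unavailable
"""

# Where legitimately installed drivers normally live (lower-cased for comparison).
STANDARD_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)


def parse_event(line: str) -> dict:
    """Split one flattened record into a field dict.

    Values may contain spaces ("Microsoft Windows"), so split only at a
    space that is immediately followed by the next Key= token."""
    fields = {}
    for token in re.split(r" (?=[A-Za-z]+=)", line.strip()):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def driver_load_reasons(event: dict) -> list:
    """Return the reasons a Sysmon Event 6 record looks suspicious (empty if none)."""
    reasons = []
    if event.get("Signed", "").lower() != "true" or event.get("SignatureStatus") != "Valid":
        reasons.append("driver is unsigned or its signature did not validate")
    image = event.get("ImageLoaded", "").lower()
    if not image.startswith(STANDARD_DRIVER_DIRS):
        reasons.append("driver loaded from outside the system drivers directory")
    return reasons


def scan_driver_loads(log_text: str) -> list:
    """Return (image_path, reasons) for every suspicious driver load in the log."""
    findings = []
    for line in log_text.splitlines():
        event = parse_event(line)
        if event.get("EventID") != "6":
            continue  # only driver-load events are relevant to this check
        reasons = driver_load_reasons(event)
        if reasons:
            findings.append((event["ImageLoaded"], reasons))
    return findings


if __name__ == "__main__":
    for image, reasons in scan_driver_loads(SAMPLE_LOG):
        print(image)
        for reason in reasons:
            print("  -", reason)
```

The second flagged record (a validly signed driver loaded from a user-writable path) is worth the noise: it is the pattern a helper such as KDU produces immediately before the unsigned driver appears, so correlating the two loads within a short window gives a much stronger signal than either alone.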
VSOCKpuppet Hypervisor Backdoor
An ELF-based backdoor running directly on the ESXi host. It enables command execution and file transfer over VMware’s VSOCK interface, bypassing traditional network monitoring and security tools.
GetShell Client Plugin
A Windows-based VSOCK client used from within a guest VM to communicate with the compromised ESXi host and control the VSOCKpuppet backdoor.
Older Build Artifacts Discovered
Another PDB path embedded in the GetShell client references a directory dated “2023_11_02,” further reinforcing the idea that components of this exploit framework existed well before the vulnerabilities became public knowledge.
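Both dating clues above come from the PDB path stored in the CodeView debug record that the linker writes into a Windows binary. As an added illustration, not Huntress's tooling or the YARA rules it published, the Python below scans a file's raw bytes for CodeView `RSDS` records, decodes the embedded PDB path, and flags the two artifact types the report describes: date-named build directories such as `2024_02_19` and Simplified Chinese characters in the path. The sample blob is constructed and its paths are placeholders, not the toolkit's real PDB paths; the GBK fallback is an assumption about how a Simplified Chinese build host would encode the path.

```python
import re
import struct
from dataclasses import dataclass, field

# Heuristics taken from the report's observations: build directories named
# by date ("2024_02_19", "2023_11_02") and Simplified Chinese in build paths.
DATED_DIR = re.compile(r"(?<!\d)(20\d{2})_(\d{2})_(\d{2})(?!\d)")
CJK_CHAR = re.compile(r"[\u4e00-\u9fff]")

# CodeView RSDS record as written into the PE debug directory:
# b"RSDS" + 16-byte GUID + 4-byte age + NUL-terminated PDB path.
RSDS_HEADER_LEN = 4 + 16 + 4


@dataclass
class PdbHit:
    offset: int
    path: str
    dated_dirs: list = field(default_factory=list)
    has_cjk: bool = False

    @property
    def suspicious(self) -> bool:
        return bool(self.dated_dirs) or self.has_cjk


def decode_pdb_path(raw: bytes) -> str:
    """PDB paths are stored in the build machine's code page: try UTF-8,
    then GBK (assumed for Simplified Chinese hosts), then a lossless fallback."""
    for codec in ("utf-8", "gbk"):
        try:
            return raw.decode(codec)
        except UnicodeDecodeError:
            continue
    return raw.decode("latin-1")


def extract_rsds_paths(data: bytes):
    """Yield (offset, pdb_path) for every RSDS record found in a byte blob.
    Scanning raw bytes instead of walking the PE debug directory keeps the
    check usable on truncated or partially unpacked samples."""
    pos = 0
    while True:
        pos = data.find(b"RSDS", pos)
        if pos < 0:
            return
        start = pos + RSDS_HEADER_LEN
        end = data.find(b"\x00", start)
        if end < 0:
            return
        path = decode_pdb_path(data[start:end])
        if path:
            yield pos, path
        pos = end


def triage(data: bytes) -> list:
    """Return one PdbHit per RSDS record, with the report's two indicators applied."""
    hits = []
    for offset, path in extract_rsds_paths(data):
        dated = ["_".join(m.groups()) for m in DATED_DIR.finditer(path)]
        hits.append(PdbHit(offset, path, dated, bool(CJK_CHAR.search(path))))
    return hits


def make_rsds_record(pdb_path: str, codec: str = "utf-8") -> bytes:
    """Build a constructed RSDS record for testing (GUID and age are dummies)."""
    return b"RSDS" + bytes(16) + struct.pack("<I", 1) + pdb_path.encode(codec) + b"\x00"


# Constructed sample: two records embedded in filler bytes. The paths are
# placeholders, not the toolkit's real PDB paths.
SAMPLE_BLOB = (
    b"\x00" * 64
    + make_rsds_record("C:\\build\\2024_02_19\\工具\\x64\\Release\\sample_driver.pdb")
    + b"\x90" * 32
    + make_rsds_record("C:\\vendor\\src\\Release\\benign.pdb")
    + b"\x00" * 16
)


if __name__ == "__main__":
    for hit in triage(SAMPLE_BLOB):
        flag = "SUSPICIOUS" if hit.suspicious else "ok"
        print(f"{flag:10} @0x{hit.offset:x} {hit.path} dated={hit.dated_dirs} cjk={hit.has_cjk}")
```

Run it over a directory of unsigned drivers or unknown executables and the output is a quick triage list; a date-named build directory is a weak indicator on its own (plenty of legitimate CI systems do the same), so it is most useful combined with the signing and load-path checks rather than as a standalone verdict.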
Modular Threat Actor Strategy
Huntress researchers believe the attackers separate exploit development from post-exploitation tooling. This modular design allows them to reuse infrastructure and simply swap in new exploits as vulnerabilities are discovered or weaponized.
Attribution and Language Clues
Some build paths contain Simplified Chinese, while documentation appears in English. This combination suggests a Chinese-speaking development environment with possible intentions to sell or share the toolkit with other threat actors.
Confidence Level of Attribution
While Huntress is moderately confident that the toolkit leverages the same vulnerabilities disclosed by Broadcom, they stop short of absolute certainty. Their confidence is based on observed exploit behavior that aligns with HGFS leaks, VMCI corruption, and kernel-level escapes.
Defensive Recommendations
Huntress strongly recommends applying the latest ESXi security updates, auditing SonicWall VPN appliances, and deploying the provided YARA and Sigma detection rules to identify early signs of compromise.
What Undercode Says:
A Glimpse into the Real Zero-Day Economy
This case illustrates a harsh reality: public zero-day disclosures may represent the end of a vulnerability’s usefulness for attackers, not the beginning. The presence of build artifacts dating back to late 2023 and early 2024 suggests that advanced threat actors are operating on timelines far ahead of vendor awareness and disclosure cycles.
VMware as a High-Value Target
VMware ESXi remains a crown jewel for attackers. Compromising a hypervisor gives total control over every hosted workload, which makes a VM escape exploit far more valuable than the compromise of a single endpoint. This toolkit reflects a deep understanding of VMware’s internal architecture and security boundaries.
SonicWall VPN as a Weak Entry Point
The repeated appearance of VPN appliances as initial access vectors is no coincidence. Edge devices often lag in patching, lack robust monitoring, and provide direct entry into privileged environments. This operation reinforces the need to treat VPN appliances as high-risk assets, not benign infrastructure.
VSOCK Abuse Signals a Shift in Stealth Tactics
The use of VSOCK for command-and-control is particularly concerning. By operating outside traditional TCP/IP networking, attackers bypass many detection tools entirely. This technique highlights a growing trend of abusing “legitimate but obscure” interfaces to remain invisible.
Modular Design Equals Longevity
Separating exploit chains from post-exploitation tooling dramatically extends the lifespan of an attack framework. Once access is achieved, attackers can recycle the same backdoors, loaders, and control mechanisms across multiple campaigns, simply adapting the initial exploit.
Attribution Without Borders
The blend of Simplified Chinese artifacts and English documentation suggests more than just a single closed group. It points to a possible commercial or semi-commercial exploit ecosystem, where tools are shared, sold, or licensed among trusted actors.
Defensive Gaps in Virtualized Environments
Many organizations focus security efforts inside guest VMs while assuming the hypervisor layer is inherently safe. This incident proves that assumption is dangerously outdated. Hypervisor security must be monitored, logged, and audited with the same rigor as endpoint systems.
The Illusion of “Patched Means Safe”
Even fully patched environments may remain vulnerable if attackers have already deployed hypervisor-level backdoors. Once an ESXi host is compromised, remediation often requires full rebuilds, not simple patching.
Implications for Incident Response
Traditional IR playbooks rarely account for hypervisor compromise. This case suggests that organizations need updated response strategies that include ESXi forensic analysis, VSOCK inspection, and validation of VM integrity.
A Warning for Cloud and On-Prem Alike
While this incident targets on-prem ESXi, the underlying lesson applies equally to private clouds and hybrid infrastructures. Virtualization layers are no longer safe abstractions — they are frontline attack surfaces.
Fact Checker Results
Vulnerability Disclosure Timeline
✅ Evidence supports exploit development predating public CVE disclosure.
Technical Exploit Behavior
✅ Observed techniques align with HGFS, VMCI, and kernel escape mechanisms.
Attribution Confidence
❌ Exact linkage to Broadcom-disclosed exploit code cannot be proven with absolute certainty.
Prediction
Hypervisor Exploits Will Go Commercial
🔮 Similar ESXi escape toolkits will likely surface in underground markets.
VSOCK-Based C2 Will Increase
🔮 More attackers will abuse non-traditional communication channels to evade detection.
Virtualization Security Will Become a Priority
🔮 Enterprises will be forced to treat hypervisors as critical security endpoints, not invisible infrastructure.
References:
Reported By: www.bleepingcomputer.com