Network virtualization infrastructure continues to be a high-value target for well-resourced threat actors. Recent analysis has revealed a sophisticated intrusion campaign in which Chinese-speaking attackers leveraged undisclosed zero-day vulnerabilities in VMware ESXi hypervisor environments, possibly months before those flaws were publicly disclosed, to obtain deep, persistent access and enable virtual machine (VM) escape from guest systems into the host hypervisor.
At the center of this activity is a bespoke exploit toolkit orchestrated by advanced attackers, with clear signs of pre-disclosure development and covert deployment. The campaign underscores the growing risk that state-aligned adversaries pose to critical infrastructure built on virtualized platforms.
Background on ESXi VM Escape Exploitation
These operations are distinct from large-scale ransomware or commodity malware campaigns. Instead, they reflect the hallmarks of advanced espionage and targeted compromise:
- Long-Term Exploitation: Indicators suggest the exploit toolkit known as MAESTRO was developed and used more than a year before public disclosure of the underlying vulnerabilities.
- Complex Exploit Chain: The attack combines multiple vulnerabilities in sequence to achieve hypervisor compromise and persistence.
- Stealth & Evasion: Techniques such as modifying firewall rules post-compromise and using unsigned drivers hint at efforts to evade detection.
- Targeted Objective: Full control over ESXi hosts allows attackers to reach all hosted guest VMs and potentially stage further lateral movement.
Campaign Overview
The timeline and methodology of the observed campaign reveal a sophisticated multi-stage attack designed to bypass defenses and deeply entrench within virtual infrastructure.
Primary Targets
- Enterprise and datacenter VMware ESXi environments.
- Networks with externally accessible VPN gateways (compromised for initial access).
Key Characteristics
- Initial Access Vector: Compromised SonicWall VPN appliances provided the foothold for entering target environments.
- Exploit Chain: The custom toolkit MAESTRO chained multiple ESXi vulnerabilities to achieve VM escape into the hypervisor.
- Lateral Movement: Use of domain credentials to move within corporate networks.
- Persistence: Deployment of backdoor components that maintain control over ESXi and guest VMs.
Vulnerability Details
The campaign relied on a chained exploitation of multiple VMware ESXi zero-day vulnerabilities, enabling attackers to escape from a guest VM and gain control of the underlying hypervisor. Evidence indicates these flaws were exploited in the wild long before public disclosure.
| CVE ID | Affected Products & Versions | Impact | CVSS | EPSS |
|---|---|---|---|---|
| CVE-2025-22224 | • VMware ESXi 7.0 and 8.0 • VMware Workstation 17.x • VMware Cloud Foundation 4.5.x / 5.x • VMware Telco Cloud Platform 2.x–5.x • VMware Telco Cloud Infrastructure 2.x / 3.x | VMCI TOCTOU out-of-bounds write | 9.3 (Critical) | 0.71 |
| CVE-2025-22225 | • VMware ESXi 7.0 and 8.0 • VMware Cloud Foundation 4.5.x and 5.x • VMware Telco Cloud Platform 2.x–5.x • VMware Telco Cloud Infrastructure 2.x and 3.x | Arbitrary kernel write | 8.2 (High) | 0.64 |
| CVE-2025-22226 | • VMware ESXi 7.0 and 8.0 • VMware Workstation 17.x • VMware Fusion 13.x • VMware Cloud Foundation 4.5.x and 5.x • VMware Telco Cloud Platform 2.x–5.x • VMware Telco Cloud Infrastructure 2.x / 3.x | HGFS out-of-bounds read | 7.1 (Medium) | 0.48 |
These flaws were collectively addressed in VMware’s advisory VMSA-2025-0004 in March 2025, but evidence shows exploit development as early as February 2024, predating disclosure by over a year.
Infection & Exploitation Method
Initial Access
Attackers initially gained access through a compromised SonicWall VPN appliance, likely using it to pivot into the corporate network and escalate their privileges.
Exploitation Chain
Once inside, a coordinated exploit suite named MAESTRO carried out the following steps:
- Disable VMCI drivers to weaken OS kernel integrity checks.
- Deploy an unsigned exploit driver via Bring-Your-Own-Driver (BYOD) techniques to bypass signature enforcement.
- Leak VMX process memory to circumvent Address Space Layout Randomization (ASLR).
- Trigger chained vulnerability exploits to break out of the VM sandbox and gain kernel-level access.
Payload & Persistence
After gaining hypervisor control, the attackers installed a backdoor dubbed VSOCKpuppet, which leverages ESXi’s VSOCK communication channels to:
- Maintain remote control from guest VMs.
- Evade traditional VM-to-host monitoring.
- Restore drivers to reduce forensic detection.
Defense Evasion
The campaign included efforts to suppress detection and complicate incident response:
- Modified firewall rules to obstruct external monitoring while maintaining internal traffic flow.
- Unsigned driver loading, defeating kernel integrity checks.
The combination of stealthy memory manipulation and selective traffic shaping suggests the actors prioritized persistence and low visibility.
MITRE ATT&CK Techniques
| Tactic | Technique | Description |
|---|---|---|
| Initial Access | T1190 | Leveraging compromised VPN and ESXi zero-days |
| Execution | T1218 | Use of legitimate hypervisor components with exploited behavior |
| Persistence | T1547 | Unsigned driver loading for hypervisor persistence |
| Defense Evasion | T1562 | Modifying firewall rules and disabling drivers |
| Privilege Escalation | T1068 | Chaining VM escape vulnerabilities |
| Command & Control | T1105 | Delivery of VSOCK backdoor and exploit binaries |
Attack Flow
Compromised VPN Access -> ESXi Target Identification -> MAESTRO Exploit Deployment -> VMCI Disablement & Memory Leak -> VM Escape (Zero-Day Chain) -> Hypervisor Compromise -> VSOCKpuppet Backdoor -> Persistent Control of All Guest VMs
Mitigation Steps
Given the long-standing and covert nature of this exploitation campaign, urgent defensive measures are essential:
- Patch ESXi Hosts: Apply VMware’s latest updates based on the security advisory immediately.
- Harden VPN Infrastructure: Ensure VPN appliances are up-to-date and segmented, with strict access controls.
- Network Segmentation: Limit VPN access to critical internal systems only; isolate virtualization management interfaces.
- Monitor VSOCK Activity: Watch for unusual inter-VM socket traffic, which may signal stealthy C2 activity.
- Review Firewall Policies: Detect unexpected rule changes and unauthorized openings that could facilitate lateral movement.
- Credential Hygiene: Reset domain and privileged account credentials if compromise is suspected.
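One way to implement the firewall-policy review above, as an added example that is not part of this advisory or of VMware's own tooling: it parses the text output of `esxcli network firewall ruleset list` and `esxcli network firewall ruleset allowedip list` (the sample output, the baseline, and the comma-separated allowed-IP column format are all constructed assumptions) and reports rulesets that were enabled, disabled, or opened to all source addresses since the last known-good audit.

```python
"""Detect drift in ESXi host firewall rulesets against a known-good baseline.

Added example; not code from the advisory or from VMware. Feed it the captured
text of the two esxcli commands named below (e.g. collected over SSH).
"""
from __future__ import annotations

# Assumed baseline: rulesets enabled and source restrictions at the last clean audit.
BASELINE_ENABLED = {"sshServer", "vSphereClient", "DHCPv6", "NTPClient"}
BASELINE_ALLOWED = {"sshServer": {"10.0.0.0/24"}, "vSphereClient": {"10.0.0.0/24"}}

# Constructed sample output of 'esxcli network firewall ruleset list'.
SAMPLE_RULESETS = """\
Name                 Enabled
-------------------  -------
sshServer            true
vSphereClient        true
DHCPv6               true
NTPClient            false
CIMHttpsServer       true
"""
# Constructed sample output of 'esxcli network firewall ruleset allowedip list'.
SAMPLE_ALLOWEDIP = """\
Ruleset ID           Allowed IP Addresses
-------------------  --------------------
sshServer            All
vSphereClient        10.0.0.0/24
"""

def parse_ruleset_list(text: str) -> dict[str, bool]:
    """Map ruleset name -> enabled flag; skips the header and dashed separator."""
    rows = (ln.split() for ln in text.splitlines()[2:])
    return {r[0]: r[1].lower() == "true" for r in rows if len(r) == 2}

def parse_allowedip_list(text: str) -> dict[str, set[str]]:
    """Map ruleset name -> set of allowed sources ('All' means unrestricted)."""
    rows = (ln.split(None, 1) for ln in text.splitlines()[2:])
    return {r[0]: {ip.strip() for ip in r[1].split(",")} for r in rows if len(r) == 2}

def firewall_drift(ruleset_text, allowedip_text, baseline_enabled, baseline_allowed):
    """Return human-readable findings for every deviation from the baseline."""
    now_on = {n for n, on in parse_ruleset_list(ruleset_text).items() if on}
    findings = [f"ENABLED: {n} was not enabled at baseline" for n in sorted(now_on - baseline_enabled)]
    findings += [f"DISABLED: {n} was enabled at baseline" for n in sorted(baseline_enabled - now_on)]
    for name, ips in sorted(parse_allowedip_list(allowedip_text).items()):
        base = baseline_allowed.get(name)
        if base is not None and ips != base:   # e.g. a restricted ruleset opened to 'All'
            findings.append(f"ALLOWEDIP: {name} changed {sorted(base)} -> {sorted(ips)}")
    return findings

if __name__ == "__main__":
    for f in firewall_drift(SAMPLE_RULESETS, SAMPLE_ALLOWEDIP, BASELINE_ENABLED, BASELINE_ALLOWED):
        print(f)
```

Run it on a schedule against each host and alert on any non-empty result; the sample data yields one enabled, one disabled, and one allowed-IP finding.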
Instantly Fix Risks with Saner Patch Management
Saner patch management is a continuous, automated, and integrated patching solution that instantly fixes risks exploited in the wild. The software supports major operating systems like Windows, Linux, and macOS, as well as 550+ third-party applications.
It also allows you to set up a safe testing area to test patches before deploying them in a primary production environment. Saner patch management additionally supports a patch rollback feature in case of patch failure or a system malfunction.
Experience the fastest and most accurate patching software here.
