1. What’s Happening — Active Exploitation in the Wild
Threat actors are targeting VMware ESXi hosts using a sophisticated zero-day exploit toolkit that enables them to escape out of a guest virtual machine (VM) and compromise the underlying hypervisor — a critical breach of isolation. This was confirmed in a new incident report detailing an attack disrupted by Huntress.
- The toolkit — internally dubbed MAESTRO — chains multiple vulnerabilities to break VM containment.
- Attackers start with initial access via a compromised VPN appliance (SonicWall), then escalate domain privileges before deploying the ESXi exploit.
- Once inside, they disable VMware kernel drivers and load unsigned code to bypass driver signing enforcement, then run the core exploit.
This escalation path is especially dangerous because successful exploitation gives the attacker full control over the ESXi host, impacting all VMs running on that host.
2. Technical Details of the Exploit
Analysis from Huntress and cybersecurity sources shows that the exploit toolkit:
- Disables VMware VMCI drivers to access lower-level components.
- Uses KDU (Kernel Driver Utility) to load an unsigned driver, bypassing security controls.
- Chains multiple vulnerabilities to achieve VM escape and hypervisor control.
These techniques allow attackers to:
- Crash or take over the VMX process (responsible for VM execution on ESXi).
- Execute code at the host hypervisor level, fully breaking guest isolation.
- Modify firewall rules and stage reconnaissance and exfiltration tools as part of the attack sequence.
3. Vulnerabilities Involved
While specific CVE numbers for this toolkit haven’t been officially disclosed yet, it is likely leveraging the zero-day vulnerabilities VMware patched earlier after confirming they were exploited in the wild, including:
- CVE-2025-22224 — Critical TOCTOU (Time-Of-Check to Time-Of-Use) bug in ESXi that enables code execution in VMX.
- CVE-2025-22225 — Arbitrary write bug, leading to sandbox escape.
- CVE-2025-22226 — Information disclosure in VMX/HGFS.
These were disclosed and patched in March 2025 after evidence of active exploitation.
These flaws can be chained for a full hypervisor compromise if an attacker already has a foothold inside a VM.
4. Who’s Affected — Scope & Impact
- VMware ESXi versions 5.1 through 8.0 have builds that are potentially targeted by this toolkit.
- Attackers with inside VM access or administrator credentials can potentially escalate to hypervisor compromise.
- Hosts that haven’t applied security updates from VMware’s advisories remain at risk.
Once the hypervisor is compromised:
- All guest VMs become insecure.
- Attackers can install backdoors, destroy or exfiltrate data, and manipulate system configuration.
- Traditional network security tools (firewalls/IDS) often cannot see hypervisor-level attacks, making detection harder.
5. Mitigation & Defensive Steps
To reduce risk and mitigate this type of threat:
- VMware has released updates for known zero-day bugs — staying patched blocks many exploitation paths.
- Secure VPN appliances and jump hosts — initial access often begins with compromised perimeter gear.
- Enforce multi-factor authentication and block unwanted administrative access.
- Track unusual processes directly on ESXi hosts (e.g., lsof -a) and watch for unsigned driver loads or use of kernel utilities like KDU.
- Isolate guest VM traffic and hypervisor management interfaces to limit lateral movement once inside.
- Have an IR plan for hypervisor compromise — it’s one of the most critical components in virtualized environments.
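The detection points above (unsigned driver loads, kernel-driver loaders staging files outside the driver store, VMware guest drivers being stopped, VMX crashes and firewall changes on the host), turned into a check over constructed sample events; this is an added example, not code from the report or from Huntress. Field names follow the real Sysmon Event ID 6 and Windows System 7045/7036 schemas, while the ESXi hostd/vmkernel line shape, the VMware service list and every sample value are assumptions.

```python
import re

# Constructed sample telemetry (not real captures). Guest-side records are
# Sysmon "Driver loaded" (Event ID 6) and System service events (7045/7036)
# flattened to key=value form; host-side records mimic ESXi hostd/vmkernel
# log lines. Field names follow the real event schemas, the values are made up.
SAMPLE_EVENTS = [
    "source=sysmon id=6 ImageLoaded=C:\\Windows\\Temp\\drv.sys Signed=false SignatureStatus=Unavailable",
    "source=sysmon id=6 ImageLoaded=C:\\Windows\\System32\\drivers\\vmci.sys Signed=true SignatureStatus=Valid",
    "source=system id=7045 ServiceName=svc1 ImagePath=C:\\Users\\Public\\loader.sys ServiceType=kernel mode driver",
    "source=system id=7036 ServiceName=vmci State=stopped",
    "source=esxi log=hostd msg=Firewall ruleset allowAll changed to enabled",
    "source=esxi log=vmkernel msg=vmx process crashed (signal 11)",
]

# VMware guest-side driver services whose stop is suspicious; the report names
# VMCI, the second entry is an assumption.
VMWARE_GUEST_SERVICES = {"vmci", "vmhgfs"}
DRIVER_DIR = re.compile(r"(?i)^c:\\windows\\system32\\drivers\\")

def parse_kv(line):
    """Split 'k=v k=v' records; values may contain spaces (e.g. 'kernel mode driver')."""
    return dict(re.findall(r"(\w+)=(.*?)(?=\s+\w+=|$)", line))

def detect(events):
    """Return (severity, rule, detail) tuples for lines matching the attack chain."""
    findings = []
    for line in events:
        ev = parse_kv(line)
        src, eid = ev.get("source"), ev.get("id")
        if src == "sysmon" and eid == "6" and ev.get("Signed", "").lower() == "false":
            findings.append(("high", "unsigned kernel driver loaded", ev.get("ImageLoaded", "")))
        elif src == "system" and eid == "7045" and "kernel" in ev.get("ServiceType", "").lower():
            path = ev.get("ImagePath", "")
            if not DRIVER_DIR.match(path):  # loaders like KDU stage drivers outside the driver store
                findings.append(("high", "kernel driver installed from non-standard path", path))
        elif src == "system" and eid == "7036" and ev.get("State") == "stopped":
            if ev.get("ServiceName", "").lower() in VMWARE_GUEST_SERVICES:
                findings.append(("medium", "VMware guest driver service stopped", ev["ServiceName"]))
        elif src == "esxi":
            msg = ev.get("msg", "")
            if ev.get("log") == "vmkernel" and "vmx" in msg and "crash" in msg.lower():
                findings.append(("high", "VMX process crash on host", msg))
            elif ev.get("log") == "hostd" and "firewall" in msg.lower():
                findings.append(("medium", "ESXi firewall configuration changed", msg))
    return findings

if __name__ == "__main__":
    for sev, rule, detail in detect(SAMPLE_EVENTS):
        print(f"[{sev}] {rule}: {detail}")
```

Each rule alone is noisy; the value is in correlating a guest-side driver finding with a host-side VMX crash or firewall change on the ESXi host running that guest.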
This activity is part of a wider trend of attackers focusing on virtualization infrastructure because compromising hypervisors yields maximum impact. Previous campaigns targeting similar interfaces have been attributed to both criminal (e.g., ransomware) and state-linked actors.
