China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

Posted on January 9, 2026 by CWS

Jan 09, 2026 · Ravie Lakshmanan · Virtualization / Vulnerability
Chinese-speaking threat actors are suspected to have leveraged a compromised SonicWall VPN appliance as an initial access vector to deploy a VMware ESXi exploit that may have been developed as far back as February 2024.
Cybersecurity company Huntress, which observed the activity in December 2025 and stopped it before it could progress to the final stage, said it could have resulted in a ransomware attack.
Most notably, the attack is believed to have exploited three VMware vulnerabilities that were disclosed as zero-days by Broadcom in March 2025: CVE-2025-22224 (CVSS score: 9.3), CVE-2025-22225 (CVSS score: 8.2), and CVE-2025-22226 (CVSS score: 7.1). Successful exploitation of the issues could allow a malicious actor with admin privileges to leak memory from the Virtual Machine Executable (VMX) process or execute code as the VMX process.
That same month, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaws to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
“The toolkit analyzed […] also contains simplified Chinese strings in its development paths, including a folder named ‘全版本逃逸–交付’ (translated: ‘All version escape – delivery’), and evidence suggesting it was likely built as a zero-day exploit over a year before VMware’s public disclosure, pointing to a well-resourced developer likely operating in a Chinese-speaking region,” researchers Anna Pham and Matt Anderson said.

The assessment that the toolkit weaponizes the three VMware shortcomings is based on the exploit’s behavior: its use of the Host-Guest File System (HGFS) for information leaking, the Virtual Machine Communication Interface (VMCI) for memory corruption, and shellcode that escapes to the kernel, the company added.

The toolkit comprises several components, chief among them being “exploit.exe” (aka MAESTRO), which acts as the orchestrator for the entire virtual machine (VM) escape by using the following embedded binaries –

  • devcon.exe, to disable VMware’s guest-side VMCI drivers
  • MyDriver.sys, an unsigned kernel driver containing the exploit, which is loaded into kernel memory using an open-source tool called Kernel Driver Utility (KDU); after that, the exploit status is monitored and the VMCI drivers are re-enabled

Figure: VM escape exploitation flow
The driver’s main responsibility is to identify the specific ESXi version running on the host and trigger an exploit for CVE-2025-22226 and CVE-2025-22224, ultimately allowing the attacker to write three payloads directly into VMX’s memory –

  • Stage 1 shellcode, to set up the environment for the VMX sandbox escape
  • Stage 2 shellcode, to establish a foothold on the ESXi host
  • VSOCKpuppet, a 64-bit ELF backdoor that provides persistent remote access to the ESXi host and communicates over VSOCK (Virtual Sockets) port 10000
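The guest-side part of the chain described above (devcon.exe disabling the VMCI drivers, an unsigned driver loaded through KDU, the drivers re-enabled afterwards) leaves a distinctive sequence in endpoint telemetry. The following is an added detection example, written for this article and not Huntress’s code or part of the original report: it scans an ordered stream of Sysmon-like events from one Windows guest and reports both the individual behaviours and the bracketed disable/unsigned-load/enable sequence as one critical finding. The event schema (the `event`, `image`, `cmdline`, `parent` and `signed` fields) and the sample events are constructed assumptions; a real deployment would map them from Sysmon Event ID 1 (ProcessCreate) and Event ID 6 (DriverLoad) or the equivalent EDR schema.

```python
"""Guest-side behavioural detection for the VM-escape toolkit described above.

Added example, not Huntress's code and not part of the article. The telemetry
format is a constructed, Sysmon-like stream of dicts; field names are assumed.
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    severity: str
    detail: str


# Filenames the article attributes to the toolkit. Name matches are weak
# evidence on their own (files are trivially renamed), so they only
# corroborate the behavioural rules below.
TOOLKIT_FILENAMES = {"exploit.exe", "mydriver.sys", "client.exe", "binary.zip"}

# devcon.exe disabling or enabling a device whose id/description mentions VMCI.
DEVCON_VMCI = re.compile(r"\b(disable|enable)\b.*vmci", re.IGNORECASE)


def basename(path: str) -> str:
    """Lower-cased final path component, tolerant of either separator."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def scan_events(events):
    """Return Findings for one host's chronologically ordered telemetry.

    Stateful rule: an unsigned driver load that sits between a devcon
    'disable ...VMCI' and the matching 'enable' is reported as critical,
    because that bracketing is the sequence the article describes.
    """
    findings = []
    vmci_disabled = False
    unsigned_while_disabled = []  # driver names loaded while VMCI was off

    for ev in events:
        name = basename(ev.get("image", ""))

        if ev["event"] == "ProcessCreate":
            cmd = ev.get("cmdline", "")
            match = DEVCON_VMCI.search(cmd) if name == "devcon.exe" else None
            if match:
                action = match.group(1).lower()
                findings.append(Finding("devcon_vmci_toggle", "high",
                                        f"devcon {action} of VMCI device: {cmd}"))
                if action == "disable":
                    vmci_disabled = True
                else:
                    if unsigned_while_disabled:
                        findings.append(Finding(
                            "unsigned_driver_between_vmci_toggle", "critical",
                            "unsigned driver(s) loaded while VMCI was disabled: "
                            + ", ".join(unsigned_while_disabled)))
                    vmci_disabled = False
                    unsigned_while_disabled = []
            if name in TOOLKIT_FILENAMES:
                findings.append(Finding("known_toolkit_filename", "medium",
                                        f"process image {ev['image']}"))

        elif ev["event"] == "DriverLoad":
            if not ev.get("signed", True):
                findings.append(Finding("unsigned_driver_load", "high",
                                        f"unsigned driver {ev['image']}"))
                if vmci_disabled:
                    unsigned_while_disabled.append(name)
            if name in TOOLKIT_FILENAMES:
                findings.append(Finding("known_toolkit_filename", "medium",
                                        f"driver image {ev['image']}"))

    return findings


def rule_counts(findings):
    """Histogram of rule names, for a quick triage summary."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample telemetry (not real logs), ordered as the article
# describes the guest-side sequence, followed by two benign events.
SAMPLE_EVENTS = [
    {"event": "ProcessCreate", "image": r"C:\Users\alice\Desktop\exploit.exe",
     "cmdline": "exploit.exe", "parent": r"C:\Windows\explorer.exe"},
    {"event": "ProcessCreate", "image": r"C:\Users\alice\AppData\Local\Temp\devcon.exe",
     "cmdline": 'devcon.exe disable "*VMCI*"', "parent": r"C:\Users\alice\Desktop\exploit.exe"},
    {"event": "DriverLoad", "image": r"C:\Users\alice\AppData\Local\Temp\MyDriver.sys",
     "signed": False},
    {"event": "ProcessCreate", "image": r"C:\Users\alice\AppData\Local\Temp\devcon.exe",
     "cmdline": 'devcon.exe enable "*VMCI*"', "parent": r"C:\Users\alice\Desktop\exploit.exe"},
    {"event": "DriverLoad", "image": r"C:\Windows\System32\drivers\vmci.sys", "signed": True},
    {"event": "ProcessCreate", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe", "parent": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"[{f.severity:>8}] {f.rule}: {f.detail}")
```

On the constructed sample the scan yields six findings: two devcon VMCI toggles, one unsigned driver load, two filename matches, and the critical bracketed-sequence finding naming mydriver.sys. The design choice worth noting is that the sequence rule, not the filenames, carries the weight: an attacker can rename every binary, but the toolkit as described still has to take the VMCI drivers down, load an unsigned driver, and bring them back, and that ordering survives renaming.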

“After writing the payloads, the exploit overwrites a function pointer inside VMX,” Huntress explained. “It first saves the original pointer value, then overwrites it with the address of the shellcode. The exploit then sends a VMCI message to the host to trigger VMX.”
Figure: VSOCK communication protocol between client.exe and VSOCKpuppet
“When VMX handles the message, it follows the corrupted pointer and jumps to the attacker’s shellcode instead of legitimate code. This final stage corresponds to CVE-2025-22225, which VMware describes as an ‘arbitrary write vulnerability’ that allows ‘escaping the sandbox.’”
Because VSOCK offers a direct communication pathway between guest VMs and the hypervisor, the threat actors have been found to use a “client.exe” (aka GetShell Plugin) that can be run from any guest Windows VM on the compromised host to send commands back up to the compromised ESXi and interact with the backdoor. The PDB path embedded in the binary suggests it may have been developed in November 2023.

The client supports the ability to download files from ESXi to the VM, upload files from the VM to ESXi, and execute shell commands on the hypervisor. Interestingly, the GetShell Plugin is dropped to the Windows VM in the form of a ZIP archive (“Binary.zip”), which also includes a README file with usage instructions, giving an insight into its file transfer and command execution features.
It’s currently not clear who is behind the toolkit, but the use of simplified Chinese, coupled with the sophistication of the attack chain and the abuse of zero-day vulnerabilities months before public disclosure, likely points to a well-resourced developer operating in a Chinese-speaking region, Huntress theorized.
“This intrusion demonstrates a sophisticated, multi-stage attack chain designed to escape virtual machine isolation and compromise the underlying ESXi hypervisor,” the company added. “By chaining an information leak, memory corruption, and sandbox escape, the threat actor achieved what every VM administrator fears: full control of the hypervisor from within a guest VM.”
“The use of VSOCK for backdoor communication is particularly concerning, as it bypasses traditional network monitoring entirely, making detection significantly harder. The toolkit also prioritizes stealth over persistence.”
