Cybercriminals Exploit VMware ESXi Vulnerabilities Using Zero-Day Toolset


Huntress security researchers have uncovered a sophisticated VMware ESXi exploitation campaign using a zero-day toolkit that remained undetected for over a year before VMware’s public disclosure.

The December 2025 intrusion, which began through a compromised SonicWall VPN, demonstrates how threat actors are chaining multiple critical vulnerabilities to achieve complete hypervisor compromise.

Attack Chain Begins With VPN Compromise

The Huntress Tactical Response team observed threat actors gaining initial access via a compromised SonicWall VPN using stolen Domain Admin credentials.

VM Escape exploitation flow

Once inside the network, attackers moved laterally to backup and primary domain controllers via RDP, deploying reconnaissance tools including Advanced Port Scanner and SoftPerfect Network Scanner.

The attackers then executed ShareFinder to enumerate network shares before deploying the VMware ESXi exploit toolkit.

Following toolkit deployment, the threat actors modified Windows firewall rules to isolate compromised hosts from external networks while preserving internal connectivity.

This tactic prevented victims from accessing external security resources while allowing lateral movement across internal networks to maximize the attack’s blast radius.

Huntress researchers assessed with moderate confidence that the toolkit exploits three VMware vulnerabilities disclosed in the March 2025 security advisory VMSA-2025-0004.

CVE ID            Vulnerability title                  CVSS score   CVSS severity
CVE-2025-22226    HGFS out-of-bounds read              7.1          High
CVE-2025-22224    VMCI TOCTOU vulnerability            9.3          Critical
CVE-2025-22225    ESXi arbitrary write vulnerability   8.2          High

(Severity follows the CVSS v3 qualitative scale: 9.0 and above is Critical, 7.0 to 8.9 is High. Chained together, the three give a memory leak, code execution inside the VMX process, and a write primitive that escapes the VMX sandbox into the ESXi kernel.)

CVE-2025-22226 (CVSS 7.1) leverages an out-of-bounds read in HGFS to leak VMX process memory. CVE-2025-22224 (CVSS 9.3) exploits a time-of-check-time-of-use (TOCTOU) vulnerability in VMCI that results in an out-of-bounds write, enabling code execution as the VMX process.

CVE-2025-22225 (CVSS 8.2) provides arbitrary write capabilities in ESXi, allowing attackers to escape the VMX sandbox to the kernel level.
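The TOCTOU step above is an instance of the double-fetch pattern: the emulator validates a length it reads from guest-writable memory, then reads the same field again when it copies. The following Python model is an added illustration, not Huntress's or Broadcom's code, and it does not show the actual VMCI code path (which is not public); the header layout, field names, buffer size and the "oob-write" verdict are this example's own assumptions, standing in for the memcpy that would overrun in a real emulator.

```python
"""Model of the double-fetch / TOCTOU bug class: check a guest-supplied
length, then re-read it from shared memory before copying. Added example;
names, layout and sizes are assumptions, not details of CVE-2025-22224."""
import struct

DEST_CAPACITY = 64          # assumed size of the emulator's destination buffer


class SharedRegion:
    """Guest-writable memory that the emulator reads directly. The guest keeps
    running on its own vCPU, so it can change any field between two reads."""

    def __init__(self, length: int, payload: bytes) -> None:
        # assumed layout: 4-byte little-endian length, then the payload
        self.buf = bytearray(4 + len(payload))
        struct.pack_into("<I", self.buf, 0, length)
        self.buf[4:] = payload

    def read_len(self) -> int:
        return struct.unpack_from("<I", self.buf, 0)[0]

    def set_len(self, n: int) -> None:
        struct.pack_into("<I", self.buf, 0, n)


def vulnerable_handler(shared: SharedRegion, dest: bytearray, race=None) -> str:
    """Fetches the length twice: once to validate, once to copy."""
    n = shared.read_len()                    # fetch 1: time of check
    if n > len(dest):
        return "rejected"
    if race is not None:
        race(shared)                          # guest writes during the window
    n = shared.read_len()                    # fetch 2: time of use
    if n > len(dest):
        # A real emulator has no check here: memcpy(dest, src, n) would write
        # past dest. This model reports the overrun instead of performing it.
        return "oob-write"
    dest[:n] = shared.buf[4:4 + n]
    return "ok"


def hardened_handler(shared: SharedRegion, dest: bytearray, race=None) -> str:
    """Copies the length into a local exactly once; the guest cannot change a local."""
    n = shared.read_len()                    # single fetch
    if n > len(dest):
        return "rejected"
    if race is not None:
        race(shared)                          # same window, but n is already fixed
    dest[:n] = shared.buf[4:4 + n]           # bounded by the validated n
    return "ok"


def demo() -> dict:
    """Runs both handlers against an honest guest and a racing guest."""
    results = {}
    handlers = (("vulnerable", vulnerable_handler), ("hardened", hardened_handler))
    guests = (("honest", None), ("racing", lambda s: s.set_len(4096)))
    for name, handler in handlers:
        for label, race in guests:
            shared = SharedRegion(16, b"A" * 16)     # constructed request
            results[(name, label)] = handler(shared, bytearray(DEST_CAPACITY), race)
    return results


if __name__ == "__main__":
    for (handler, guest), verdict in demo().items():
        print(f"{handler:10s} guest={guest:7s} -> {verdict}")
```

The fix is not an extra check but a single copy-in: every field that influences a bound is read from guest memory once, validated, and thereafter used only from the hypervisor's private copy.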

Maestro’s main function showing the full attack sequence

The exploit toolkit, named MAESTRO, runs inside a Windows guest VM and orchestrates the entire attack: it disables the VMware VMCI driver in the guest, uses Kernel Driver Utility (KDU) to bypass Driver Signature Enforcement, and loads unsigned exploit drivers into the guest kernel.

Once executed, the toolkit deploys VSOCKpuppet, a backdoor that communicates over VMware’s Virtual Sockets (VSOCK) interface. VSOCK traffic passes between guest and hypervisor without ever touching the physical network, so network-based monitoring tools never see it.

Chinese-Language Development Paths Point to Well-Resourced Threat Actor

Analysis of the toolkit’s PDB paths revealed simplified Chinese strings, including a folder named “全版本逃逸–交付” (translated: “All version escape – delivery”), with timestamps indicating development in February 2024, over a year before VMware’s public disclosure.

The toolkit supports 155 ESXi builds spanning versions 5.1 through 8.0, suggesting a well-resourced developer likely operating in a Chinese-speaking region.

Organizations running ESXi must patch immediately, as end-of-life versions remain exposed with no available fixes.

VSOCK communication protocol between client.exe

Defenders should monitor ESXi hosts using “lsof -a” to identify unexpected worlds holding VSOCK descriptors, and watch for bring-your-own-vulnerable-driver (BYOVD) techniques such as KDU loading a vulnerable signed driver to disable Driver Signature Enforcement.
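One way to act on the lsof advice is to parse the output and flag VSOCK descriptors owned by worlds other than the VMX worlds that legitimately use them. The script below is an added example, not Huntress tooling. It assumes ESXi lsof prints one descriptor per line as Cartel, World name, Type, fd, Description (check the column layout on your build) and that only vmx worlds are expected to hold VSOCK or VMCI descriptors; the sample output, including the world name "vmsyncd", is constructed, not captured.

```python
"""Triage of ESXi `lsof` output for VSOCK descriptors held by unexpected
worlds. Added example; column layout and the expected-world list are
assumptions, and SAMPLE_LSOF is constructed data."""
import re
from dataclasses import dataclass

# Constructed sample in the assumed five-column layout (not real lsof output).
SAMPLE_LSOF = """\
Cartel    World name      Type    fd   Description
2099012   hostd           FILE    5    /var/log/hostd.log
2100455   vmx             SOCKET  21   vsock [2:1026]
2100455   vmx             FILE    7    /vmfs/volumes/ds1/web01/web01.vmx
2107731   vmsyncd         SOCKET  3    vsock [2:4444] LISTEN
2107731   vmsyncd         FILE    4    /tmp/.x
2099012   hostd           SOCKET  9    TCP 192.0.2.10:443 LISTEN
"""

VSOCK_RE = re.compile(r"\b(vsock|vmci)\b", re.IGNORECASE)
EXPECTED_VSOCK_WORLDS = ("vmx",)      # assumption: one vmx world per running VM


@dataclass
class OpenDescriptor:
    cartel: str
    world: str
    kind: str
    fd: str
    description: str


def parse_lsof(text: str) -> list:
    """Splits each data line into five fields; the description keeps its spaces."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 4)
        if len(parts) < 5 or not parts[0].isdigit():
            continue                          # header, blank or malformed line
        rows.append(OpenDescriptor(*parts))
    return rows


def suspicious_vsock(rows: list, expected=EXPECTED_VSOCK_WORLDS) -> list:
    """Returns VSOCK/VMCI descriptors whose owning world is not on the allowlist.
    World names like 'vmx-vcpu-0:web01' are matched on their first token."""
    hits = []
    for row in rows:
        if not VSOCK_RE.search(f"{row.kind} {row.description}"):
            continue
        if row.world.split("-", 1)[0] in expected:
            continue
        hits.append(row)
    return hits


if __name__ == "__main__":
    for hit in suspicious_vsock(parse_lsof(SAMPLE_LSOF)):
        print(f"cartel={hit.cartel} world={hit.world} fd={hit.fd}: {hit.description}")
```

On a live host, feed it the real output (for example `lsof > /tmp/lsof.txt` in the ESXi shell, then run the script over that file) and compare the allowlist against what your own hosts show when clean; a listening VSOCK socket owned by a non-vmx world is the pattern a VSOCK backdoor would leave.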

Indicators of compromise (IOCs)

Item                            SHA-256
MAESTRO payload (exploit.exe)   37972a232ac6d8c402ac4531430967c1fd458b74a52d6d1990688d88956791a7
GetShell plugin (client.exe)    4614346fc1ff74f057d189db45aa7dc25d6e7f3d9b68c287a409a53c86dca25e
VSOCKpuppet                     c3f8da7599468c11782c2332497b9e5013d98a1030034243dfed0cf072469c89
Binary.zip                      dc5b8f7c6a8a6764de3309279e3b6412c23e6af1d7a8631c65b80027444d62bb
MyDriver.sys                    2bc5d02774ac1778be22cace51f9e35fe7b53378f8d70143bf646b68d2c0f94c
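The hashes above are only useful once something compares them against files on disk. The sweep below is an added example, not part of the Huntress report: it walks a directory tree (a guest VM's file system, a mounted disk image, or a datastore export), hashes every regular file with SHA-256 and reports matches. The IOC hashes are copied from the table; the directory argument, report shape and chunk size are this example's own. Because the match set is a parameter, the same sweep covers the BYOVD advice above: pass it a set of known-vulnerable signed-driver hashes (for example from a curated driver blocklist you maintain) instead of, or alongside, the campaign IOCs.

```python
"""Hash-based sweep for the published IOCs (or any other SHA-256 set).
Added example; only the IOC hashes come from the report."""
import hashlib
import os
import sys
from pathlib import Path

# SHA-256 values as published in the IOC table; labels are the table's items.
IOC_SHA256 = {
    "37972a232ac6d8c402ac4531430967c1fd458b74a52d6d1990688d88956791a7": "MAESTRO payload (exploit.exe)",
    "4614346fc1ff74f057d189db45aa7dc25d6e7f3d9b68c287a409a53c86dca25e": "GetShell plugin (client.exe)",
    "c3f8da7599468c11782c2332497b9e5013d98a1030034243dfed0cf072469c89": "VSOCKpuppet",
    "dc5b8f7c6a8a6764de3309279e3b6412c23e6af1d7a8631c65b80027444d62bb": "Binary.zip",
    "2bc5d02774ac1778be22cace51f9e35fe7b53378f8d70143bf646b68d2c0f94c": "MyDriver.sys",
}


def sha256_of(path, chunk_size: int = 1 << 20) -> str:
    """Streams the file through SHA-256 so large disk images do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, iocs: dict = IOC_SHA256) -> list:
    """Returns (path, sha256, label) for every regular file whose hash is in iocs.
    Symlinks are skipped so a crafted link cannot drag the sweep off the tree."""
    lookup = {h.lower(): label for h, label in iocs.items()}   # tolerate upper-case hashes
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                if path.is_symlink() or not path.is_file():
                    continue
                digest = sha256_of(path)
            except OSError:
                continue                      # unreadable or vanished file; keep going
            label = lookup.get(digest)
            if label is not None:
                hits.append((str(path), digest, label))
    return hits


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, digest, label in sweep(target):
        print(f"MATCH {label}: {path} ({digest})")
```

Hash matching catches unchanged copies of these specific files only; a recompiled or padded MAESTRO build will not match, so treat a clean sweep as absence of these exact artifacts, not as absence of the toolkit.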
