China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines
The campaign leverages three vulnerabilities originally disclosed by Broadcom in March 2025: CVE-2025-22224, with a critical CVSS score of 9.3, allowing memory leakage from the VMX process; CVE-2025-22225, rated 8.2, enabling an arbitrary write and sandbox escape; and CVE-2025-22226, scored 7.1, causing memory corruption. Security firm Huntress observed the attack activity in December 2025 and stopped it before the attackers completed their objectives.
The attack begins with initial access through compromised SonicWall VPN appliances. Attackers then deploy an orchestrator tool called MAESTRO that loads an unsigned kernel driver using the KDU utility. Three shellcode payloads are written to VMX memory, ultimately installing a 64-bit ELF backdoor named VSOCKpuppet that maintains persistent access to ESXi hosts over VSOCK port 10000. A GetShell plugin enables command execution from compromised guest virtual machines.
Forensic analysis revealed simplified Chinese strings in development paths and a folder named 'All version escape - delivery' in Chinese characters, indicating the toolkit was developed by Chinese-speaking actors. The sophisticated nature of the tools suggests a well-resourced threat group, with the exploit kit appearing designed for private distribution rather than public sale on dark web marketplaces.
Organizations running VMware ESXi are urged to immediately apply patches for all three vulnerabilities. Security teams should monitor VSOCK communications for suspicious activity, review guest VM access controls, and implement enhanced logging on hypervisor environments to detect potential compromise.