VMware ESXi Zero-Day Exploits Likely Used a Year Before Disclosure, Researchers Warn
Jan 12, 2026
Chinese-speaking threat actors were using a sophisticated VMware ESXi exploit toolkit well before the vulnerabilities were publicly disclosed, researchers warn. The exploit allowed attackers to break out of virtual machines and reach the ESXi hypervisor — a critical escalation path that can put entire virtual infrastructures at risk.
In December 2025, managed security firm Huntress analyzed an intrusion where the attackers leveraged a chain of three ESXi vulnerabilities later publicly disclosed in March 2025. Evidence from the exploit binaries suggests the toolkit was developed as early as February 2024, indicating that the bugs may have been in use long before the public disclosure.
What Happened
The threat actors reportedly gained initial access through a compromised SonicWall VPN appliance, then used a stolen Domain Admin account to pivot via RDP to domain controllers. From there, they executed an exploit chain that broke out of a VM into the ESXi hypervisor — the most privileged layer of a virtualized environment.
This type of “VM escape” is particularly dangerous because it undermines the isolation that virtualization platforms are designed to enforce, potentially exposing all workloads hosted on an ESXi server to compromise.
Exploit Toolkit: What It Does
Investigators found the attackers used a modular toolkit with several components. Here’s a breakdown of the major parts identified by Huntress:
| Component | Role |
|---|---|
| MAESTRO (exploit.exe) | Orchestrates the VM escape by disabling VMCI devices, loading unsigned drivers, and monitoring success. |
| MyDriver.sys | Unsigned kernel driver that executes the VM escape, handles ESXi version detection, memory leakage, and corruption. |
| VSOCKpuppet | ELF backdoor on the ESXi host that enables command execution and file transfer over VSOCK, evading traditional monitoring. |
| GetShell Plugin (client.exe) | Windows client used from inside a VM to connect to the backdoor on the compromised ESXi host and interact with it. |
Vulnerabilities Exploited
The exploit chain appears to leverage three VMware ESXi vulnerabilities disclosed by Broadcom in March 2025. These were previously unknown (zero-day) at the time of the December 2025 attack:
| CVE | Description | Severity (CVSS score) |
|---|---|---|
| CVE-2025-22224 | TOCTOU flaw in VMCI enabling out-of-bounds write, allowing code execution in VMX. | 9.3 |
| CVE-2025-22225 | Arbitrary write in ESXi enabling escape from VMX sandbox to kernel. | 8.2 |
| CVE-2025-22226 | Out-of-bounds read in HGFS that leaks VMX memory. | 7.1 |
At disclosure time, Broadcom warned that these issues could be chained to break out of a virtual machine and reach the underlying hypervisor.
Timeline & Attribution Clues
Huntress researchers found compile paths inside the exploit binaries with date-like folder names such as “2024_02_19” and “2023_11_02”, strongly suggesting development and testing started long before the bugs were publicly disclosed.
Strings in the build paths include simplified Chinese, and the folder names translate to phrases like “All version escape — delivery,” possibly indicating a target of ESXi 8.0 Update 3. Combined with an English readme file, this suggests potential plans to share or sell the toolkit to other operators.
Mitigation & Recommendations
Although Huntress couldn’t confirm with 100% certainty that the toolkit directly aligns with the vulnerabilities Broadcom disclosed, organizations should treat this as a critical wake-up call and take action:
Immediate steps to protect ESXi environments:
- Apply the latest ESXi patches and updates.
- Use YARA and Sigma detection rules released by researchers to catch early signs of compromise.
- Harden VPN appliances and monitor for unusual logins or lateral movement.
- Monitor VSOCK communication and driver loading activity, which could indicate exploit attempts.
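The last recommendation, monitoring driver loading inside guest VMs, is the one a detection engineer can act on most directly: the toolkit described above depends on loading an unsigned kernel driver (MyDriver.sys) from inside a VM. The following is an added example, not code from Huntress or from this article, showing how such a check can be expressed over driver-load telemetry. It assumes Sysmon Event ID 6 (DriverLoad) style records with the fields ImageLoaded, Signed and SignatureStatus; the sample events, paths and vendor names are constructed for the example.

```python
"""Flag driver-load events that match the pattern the report describes:
unsigned kernel drivers loaded from unusual locations inside a guest VM.

Added example with constructed sample data; not code from the article or
from Huntress. Record layout follows Sysmon Event ID 6 (DriverLoad)."""

from dataclasses import dataclass

# Constructed sample telemetry (values are made up for the example).
SAMPLE_EVENTS = [
    {"EventID": 6, "ImageLoaded": r"C:\Windows\System32\drivers\ntfs.sys",
     "Signed": "true", "Signature": "Microsoft Windows", "SignatureStatus": "Valid"},
    {"EventID": 6, "ImageLoaded": r"C:\Users\admin\Desktop\MyDriver.sys",
     "Signed": "false", "Signature": "-", "SignatureStatus": "Unavailable"},
    {"EventID": 6, "ImageLoaded": r"C:\Program Files\Vendor\vendor.sys",
     "Signed": "true", "Signature": "Vendor Inc", "SignatureStatus": "Valid"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe"},  # process create, ignored
]

# Directories from which signed drivers are normally loaded (hypothetical allow-list).
TRUSTED_DRIVER_DIRS = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32\driverstore",
)


@dataclass
class Finding:
    path: str
    severity: str        # "high" for unsigned/invalid, "low" for odd path only
    reasons: tuple


def inspect_driver_load(event):
    """Return a Finding for a suspicious DriverLoad event, else None."""
    if event.get("EventID") != 6:
        return None
    path = event["ImageLoaded"]
    reasons = []
    signed = event.get("Signed", "").lower() == "true"
    valid = event.get("SignatureStatus") == "Valid"
    if not (signed and valid):
        reasons.append("unsigned or invalid signature")
    if not path.lower().startswith(TRUSTED_DRIVER_DIRS):
        reasons.append("loaded from outside standard driver directories")
    if not reasons:
        return None
    # An unsigned driver is the strong signal; an unusual path alone is only a hint.
    severity = "high" if not (signed and valid) else "low"
    return Finding(path, severity, tuple(reasons))


def scan(events):
    """Run the check over a sequence of events and collect the findings."""
    return [f for f in (inspect_driver_load(e) for e in events) if f is not None]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding.severity.upper()}] {finding.path}: {', '.join(finding.reasons)}")
```

On the constructed sample, the unsigned MyDriver.sys loaded from a user's desktop produces a high-severity finding with both reasons, the signed vendor driver in Program Files produces only a low-severity path hint, and the Microsoft driver and the non-driver event produce nothing. In a real deployment the allow-list and severity thresholds would be tuned to the fleet, and the same logic is easy to express as a Sigma rule on the `ImageLoaded` and `Signed` fields.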
Final Thoughts
This case highlights how advanced threat actors may develop and use exploit toolkits long before vulnerabilities are disclosed, increasing the window of exposure for unpatched infrastructure. Organizations must accelerate patch management, strengthen visibility, and treat hypervisor security as a cornerstone of modern IT defense.