In a new report, the Huntress Tactical Response Team details a sophisticated intrusion discovered in December 2025 where threat actors successfully executed a “VM escape”—breaking out of a guest virtual machine to seize full control of the underlying VMware ESXi hypervisor.
The attack, which likely leveraged a toolkit developed as a zero-day exploit over a year before public disclosure, challenges the fundamental security promise of virtualization.
The intrusion began not with a complex zero-day, but with a classic failure: a compromised SonicWall VPN account. From there, attackers moved laterally from a backup domain controller to the primary one, eventually deploying a toolkit orchestrated by a binary dubbed “MAESTRO” (exploit.exe).

This toolkit systematically dismantled the host’s defenses. It disabled VMware’s own drivers to gain direct hardware access and used a “Bring-Your-Own-Vulnerable-Driver” (BYOVD) technique to load an unsigned malicious driver, MyDriver.sys, into the Windows kernel.
“VM isolation is not absolute,” the report warns. “Hypervisor vulnerabilities can allow attackers to break out of guest VMs and compromise all workloads on a host”.
Once the attackers escaped the VMX sandbox, they didn’t rely on standard network connections that firewalls might catch. Instead, they deployed a backdoor named “VSOCKpuppet.”
This malware communicates using VSOCK (Virtual Sockets), a high-speed interface meant for host-guest communication. By hijacking this channel, the attackers created a stealthy command line that bypassed traditional network monitoring entirely.
“The use of VSOCK for backdoor communication is particularly concerning; it bypasses traditional network monitoring entirely, making detection significantly harder,” the analysis notes.
Huntress researchers discovered simplified Chinese strings in the development paths, including a folder named “全版本逃逸–交付”, which translates to “All version escape — delivery”.
Timestamps in the code suggest this weapon was ready as early as February 2024—more than a year before VMware publicly disclosed the vulnerabilities it exploits (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226).
“The development timeline revealed in the PDB paths tells us that this exploit potentially existed as a zero-day for over a year before VMware’s public disclosure, highlighting the persistent threat posed by well-resourced actors with access to unpatched vulnerabilities”.
The toolkit is designed to be a universal key, supporting 155 ESXi builds spanning versions 5.1 through 8.0.
Huntress advises organizations to stop relying solely on perimeter defenses and start monitoring for unusual processes on ESXi hosts directly. “Patch ESXi aggressively… If you are running end-of-life versions, you are exposed with no fix available”.