Attackers are using advanced techniques to break VM isolation on ESXi.
Key Takeaways:
Virtual machines are supposed to be isolated by design, but a newly discovered ESXi exploit toolkit proves that assumption can be dangerously wrong. Security researchers disclosed how attackers are escaping guest VMs and taking full control of the hypervisor itself, turning the foundation of virtualized infrastructure into the primary attack surface.
According to security researchers at Huntress, the intrusion began in December 2025, when attackers deployed a highly advanced toolkit to escape virtual machines and compromise the ESXi hypervisor. Evidence within the code suggests development began as early as February 2024, which is before VMware publicly disclosed the vulnerabilities in March 2025.
The toolkit discovered by Huntress is a highly modular and well-engineered package designed for ESXi exploitation. It includes components for reconnaissance, driver loading, and orchestrating the escape process, and supports over 150 ESXi builds from version 5.1 to 8.0. Its structure suggests careful planning, with a kernel-level driver and an orchestrator working together to exploit multiple vulnerabilities. It enables attackers to bypass isolation and gain full control of the hypervisor.
The attack method involves exploiting VMware ESXi through a chained series of vulnerabilities that allow a virtual machine to escape its sandbox and gain control over the hypervisor. First, attackers compromise a Windows system, disable VMware’s VMCI devices, and load a malicious driver using a Bring-Your-Own-Vulnerable-Driver (BYOVD) technique. This driver exploits three ESXi zero-day vulnerabilities: an out-of-bounds read for memory leakage, a TOCTOU bug for code execution within the VMX process, and an arbitrary write vulnerability that allows overwriting function pointers in the ESXi kernel.
Additionally, the exploit injects shellcode into the VMX process and triggers execution via VMware’s backdoor channels that effectively break isolation and escape into the ESXi host. After gaining control, attackers deploy a stealthy backdoor called VSOCKpuppet, which uses VSOCK communication to execute commands and transfer files between any guest VM and the compromised host. To maintain persistence and avoid detection, the malware modifies ESXi’s configuration files, cleans up traces of the exploit, and re-enables disabled drivers, which makes the intrusion extremely stealthy and difficult to identify.

Organizations should immediately apply VMware’s security patches that address the ESXi vulnerabilities to prevent exploitation. Moreover, it’s important to monitor hypervisors directly for unusual activity, such as unsigned driver loads or unexpected VSOCK traffic.
Additionally, administrators should strengthen perimeter defenses (especially VPN appliances) to block initial access. They must also implement strict access controls and regular vulnerability assessments to reduce the risk of lateral movement and privilege escalation.