CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
ID: 29ccb1f7-236e-5808-8481-5971dc2a4eae
STIX ID: report--29ccb1f7-236e-5808-8481-5971dc2a4eae
Feed Name: Security Affairs
Threat Score
Ransomware groups are exploiting VMware ESXi sandbox escape vulnerabilities, notably CVE-2025-22225, that were patched in March 2025. CISA confirmed active exploitation, and Huntress reported a sophisticated ESXi exploit toolkit (MAESTRO) and a VSOCK-based backdoor used by Chinese-speaking actors to achieve VM escape and persistent hypervisor control.
