China-Linked Hackers Exploit VMware ESXi Zero-Days to Escape Virtual Machines

In December 2025, cybersecurity defenders intercepted a chillingly sophisticated attack that targeted the very foundation of modern cloud infrastructure: the VMware ESXi hypervisor. This wasn’t a simple malware infection; it was a surgical breach designed to shatter the fundamental security promise of virtualization: isolation. By chaining together three previously unknown zero-day vulnerabilities, threat actors linked to Chinese-speaking regions demonstrated the ability to escape from a confined virtual machine (VM) and seize full control of the host server. This VMware ESXi VM escape exploit represents a worst-case scenario for data center and cloud security, granting attackers the keys to the entire virtual kingdom. This guide breaks down this complex attack, explains the technical wizardry behind it, and provides a clear blueprint for defense.