“These flaws allow attackers to escape the isolated VM environment (VM sandbox) and execute arbitrary code at the hypervisor level (ESXi host),” he said. “A compromised hypervisor grants attackers unrestricted control over all virtual machines on the server—and potentially the entire VMware vSphere infrastructure.”
These vulnerabilities are actively targeted by ransomware operators and advanced persistent threat groups as part of the ongoing ESXicape campaign, he said. “With reports indicating tens of thousands of vulnerable systems worldwide—including those in finance, healthcare, government, critical infrastructure, and telecommunications—this represents an immediate, large-scale risk to enterprise environments.”
To mitigate these threats, Walters said CISOs with affected VMware products must escalate their response beyond standard patching cycles by urgently deploying VMware-issued patches, assessing VMware-based virtualization infrastructure for signs of compromise, and enhancing monitoring for suspicious activity.