CVE-2025-22224 is a vulnerability tracked across 5 threat clusters and 7 intelligence report mentions on ThreatCluster. First observed January 7, 2026; most recent activity February 6, 2026.
Chinese-linked cybercriminals utilized a VMware ESXi hypervisor escape kit to target the ESXi hypervisor. Researchers from Huntress reported that the toolkit was in development as early as February 2024 and was used in…
Chinese-linked cybercriminals utilized a VMware ESXi hypervisor escape toolkit over a year prior to the public disclosure of the vulnerabilities. Researchers at Huntress identified an intrusion in December 2025,…
Chinese-speaking threat actors conducted attacks using a VMware ESXi exploit toolkit that leveraged three zero-day vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226. The initial access…
In December 2025, Chinese-speaking threat actors exploited vulnerabilities in VMware ESXi using a toolkit delivered through a compromised SonicWall VPN appliance. The toolkit included exploits for three zero-day…
CISA has confirmed the active exploitation of a critical vulnerability in VMware ESXi, tracked as CVE-2025-22225. This zero-day flaw allows attackers to escape security sandboxes and is currently being used in…