First-Ever ESXi Host Escape at Pwn2Own: What You Need to Know
Special recognition to Lee Scites, who collaborated on this article.
Introduction
For the first time in Pwn2Own history, a researcher successfully compromised a VMware ESXi host, the very foundation of many enterprise virtualization environments. This occurred at Pwn2Own Berlin 2025, where Nguyen Hoang Thach of STARLabs SG leveraged a zero-day integer overflow vulnerability to execute code on the ESXi hypervisor from a guest VM.
This isn’t just a competition milestone; it’s a wake-up call. For organizations running ESXi at the heart of their data center or private cloud, this event demonstrates a real-world, proof-of-concept attack against a core infrastructure layer that’s often assumed secure.
What Is It?
The zero-day exploit was demonstrated against a fully patched VMware ESXi host in the Virtualization category. The vulnerability exploited was a previously unknown integer overflow, which led to arbitrary code execution on the hypervisor directly from a guest virtual machine.
Integer overflows occur when a calculation produces a value outside the range the integer type can represent; the result wraps around, and code that then uses it as a size or length mismanages memory. In hypervisor code, especially in ESXi’s emulated device or guest interaction layers, this kind of flaw can result in out-of-bounds memory access or buffer misallocation, both of which can be used to gain control of instruction flow.
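To make the arithmetic pattern concrete, here is an added example in C. It is not code from this article, not ESXi code, and not the undisclosed Pwn2Own bug: a constructed 16-byte descriptor size (DESC_SIZE, an assumption) shows how a 32-bit multiplication on a guest-supplied count wraps to an undersized allocation, and how a pre-multiplication check rejects it. The block also goes beyond this paragraph to the companion unsigned-underflow case (a payload length computed by subtraction), the class named later for the vCenter precedent.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical element size for a guest-supplied descriptor table. This is a
 * constructed example of the arithmetic pattern the article describes, not
 * ESXi code and not the Pwn2Own bug, whose details are undisclosed. */
#define DESC_SIZE 16u

/* Vulnerable pattern: size computed in 32-bit unsigned arithmetic. For a large
 * count the product wraps modulo 2^32, so a buffer allocated from it is far
 * smaller than the count * DESC_SIZE bytes a later copy would write. */
uint32_t naive_alloc_size(uint32_t count) {
    return count * DESC_SIZE;              /* wraps silently */
}

/* True when the naive size is smaller than what the copy would actually need:
 * the undersized-buffer condition that becomes an out-of-bounds write. */
bool naive_is_undersized(uint32_t count) {
    uint64_t needed = (uint64_t)count * DESC_SIZE;   /* no wrap in 64 bits */
    return naive_alloc_size(count) < needed;
}

/* Hardened pattern: reject before multiplying. Returns the byte count, or -1
 * when count * DESC_SIZE would not fit in 32 bits. */
int64_t checked_request(uint32_t count) {
    if (count > UINT32_MAX / DESC_SIZE) {
        return -1;                         /* refuse; nothing is allocated */
    }
    return (int64_t)(count * DESC_SIZE);
}

/* Companion underflow pattern (generic form of the arithmetic class behind
 * the vCenter precedent): payload length derived by subtracting a header
 * length from a guest-supplied total. If total < header, the unsigned
 * subtraction wraps to a huge value that a copy loop would then trust. */
uint32_t naive_payload_len(uint32_t total, uint32_t header) {
    return total - header;                 /* wraps when total < header */
}

/* Hardened: validate the ordering first; -1 means the message is malformed. */
int64_t checked_payload_len(uint32_t total, uint32_t header) {
    if (total < header) {
        return -1;
    }
    return (int64_t)(total - header);
}

int main(void) {
    uint32_t counts[] = { 1000u, 0x0FFFFFFFu, 0x10000001u };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        printf("count=0x%08x naive=%u undersized=%s checked=%lld\n",
               counts[i], naive_alloc_size(counts[i]),
               naive_is_undersized(counts[i]) ? "yes" : "no",
               (long long)checked_request(counts[i]));
    }
    printf("payload(total=8, header=12): naive=%u checked=%lld\n",
           naive_payload_len(8, 12), (long long)checked_payload_len(8, 12));
    return 0;
}
```

The check `count > UINT32_MAX / DESC_SIZE` is the portable way to refuse a product before it wraps; compilers also offer `__builtin_mul_overflow` for the same purpose. The defensive lesson is the same for both functions: validate guest-controlled arithmetic in the wider type or before the operation, never after the result has already been used as an allocation or copy length.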
This exploit is now recognized as the first successful ESXi hypervisor compromise in Pwn2Own history, and it was awarded $150,000 and 15 Master of Pwn points, reinforcing its impact and sophistication. Per Pwn2Own and ZDI policy, the vulnerability has been responsibly disclosed to VMware, which has up to 90 days to release a patch or mitigation before details are publicly disclosed.
Why Does It Matter?
VMware ESXi is a type-1 hypervisor that forms the backbone of many enterprise and cloud virtualization environments. A successful guest-to-host escape breaks the core isolation model that virtualization depends on. It turns a sandboxed virtual machine into a platform for full hypervisor compromise.
If exploited outside of a controlled setting, a vulnerability like this could:
- Provide direct access to all virtual machines running on the compromised host,
- Allow escalation to root-level privileges on the hypervisor itself,
- Enable long-term persistence at the virtualization layer,
- Serve as an entry point for lateral movement across the infrastructure or for launching ransomware operations.
Even though this exploit was responsibly disclosed through the Pwn2Own program, its very existence demonstrates that ESXi is not immune to high-sophistication attacks. This is not theoretical; it’s a proven, real-world exploit path against a widely trusted infrastructure component.
“The successful exploitation of VMware ESXi underscores the importance of regular security assessments and timely patch management for virtualization infrastructure. Organizations relying on ESXi should stay informed about security advisories and updates from VMware to mitigate potential risks.”
Related Precedents and Additional Scenarios
While this is the first successful hypervisor escape on VMware ESXi demonstrated at Pwn2Own, it follows a lineage of prior vulnerabilities that share similar characteristics, particularly in how low-level flaws in memory handling can undermine platform isolation.
Several notable examples include:
- CVE-2018-6981 – An uninitialized stack variable in the vmxnet3 virtual NIC allowed a guest VM to execute code on the host. This demonstrated how guest network interaction could lead to host-level compromise.
- CVE-2017-4904 – A vulnerability in the emulated xHCI (USB 3.0) controller enabled out-of-bounds writes from a guest VM to host memory, leading to arbitrary code execution.
- CVE-2024-37079 – An integer underflow in VMware vCenter Server, disclosed by Trend Micro’s Zero Day Initiative, enabled code execution by miscalculating memory region sizes. Though it targeted vCenter rather than ESXi directly, it reflects the continued prevalence of arithmetic-based memory flaws in VMware’s ecosystem.
In addition to vulnerability research, real-world threat activity such as the ESXiArgs ransomware campaign illustrates how attackers are already targeting hypervisors as a means of inflicting widespread damage. That campaign primarily abused management exposure and weak configurations, but it serves as a reminder that once an attacker gains access to ESXi, the blast radius can be catastrophic.
These precedents make one thing clear: the guest boundary is not inviolable. Device emulation, uninitialized variables, and unchecked memory operations remain viable attack surfaces even in mature virtualization platforms.
What Can I Do About It?
Until VMware releases a patch or advisory (as of writing, no CVE has been publicly assigned), organizations should take proactive steps to reduce exposure and harden their ESXi deployments.
Short-Term Actions:
- Restrict access: Limit management access to ESXi hosts using network segmentation and firewall rules. Disable remote access protocols where unnecessary.
- Harden guest configurations: Disable unneeded virtual hardware (e.g., USB controllers, legacy devices) that may expand the attack surface.
- Monitor VMware advisories: Watch for any updates from VMware or Broadcom's VMSA page related to this vulnerability. Although a zero-day has no patch to mitigate it, such exploits are rarely used alone; they are often chained with other, already-patched vulnerabilities, so keeping the rest of the stack current still reduces exposure.
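One way to act on the "harden guest configurations" item is to audit each VM's .vmx file for device entries that are enabled but not needed. The following is an added example, not code from this article and not a VMware or HUME-IT tool: it scans a constructed .vmx text for the device keys that VMware's Security Configuration Guide treats as removable when unused. The key names (floppy0.present, serial0.present, parallel0.present, usb.present, ehci.present, usb_xhci.present, sound.present) are standard .vmx keys assumed here, and the sample VMX contents are constructed for the demo.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Device keys that are candidates for removal when the workload does not
 * need them. Assumed standard .vmx key names, not taken from this article. */
static const char *UNNEEDED_DEVICE_KEYS[] = {
    "floppy0.present", "serial0.present", "parallel0.present",
    "usb.present", "ehci.present", "usb_xhci.present", "sound.present",
};
#define N_KEYS (sizeof UNNEEDED_DEVICE_KEYS / sizeof UNNEEDED_DEVICE_KEYS[0])

/* Constructed sample .vmx contents used as the demo input. */
static const char SAMPLE_VMX[] =
    "config.version = \"8\"\n"
    "displayName = \"app-server-01\"\n"
    "floppy0.present = \"FALSE\"\n"
    "serial0.present = \"TRUE\"\n"
    "usb.present = \"TRUE\"\n"
    "usb_xhci.present = \"true\"\n"
    "ehci.present = \"FALSE\"\n"
    "ethernet0.virtualDev = \"vmxnet3\"\n";

/* Strip leading and trailing whitespace in place. */
static void trim(char *s) {
    char *start = s;
    while (*start && isspace((unsigned char)*start)) start++;
    size_t len = strlen(start);
    while (len > 0 && isspace((unsigned char)start[len - 1])) len--;
    memmove(s, start, len);
    s[len] = '\0';
}

/* Remove one pair of surrounding double quotes, if present. */
static void strip_quotes(char *s) {
    size_t len = strlen(s);
    if (len >= 2 && s[0] == '"' && s[len - 1] == '"') {
        memmove(s, s + 1, len - 2);
        s[len - 2] = '\0';
    }
}

/* Parse a 'key = "value"' line. Returns false for blank, comment or malformed lines. */
static bool parse_line(const char *line, char *key, size_t kcap, char *val, size_t vcap) {
    const char *eq = strchr(line, '=');
    if (!eq) return false;
    size_t klen = (size_t)(eq - line);
    if (klen >= kcap || strlen(eq + 1) >= vcap) return false;
    memcpy(key, line, klen);
    key[klen] = '\0';
    strcpy(val, eq + 1);
    trim(key);
    trim(val);
    strip_quotes(val);
    return key[0] != '\0';
}

/* Case-insensitive comparison against "TRUE" (the .vmx files use both cases). */
static bool value_is_true(const char *v) {
    const char *t = "TRUE";
    for (size_t i = 0; i < 4; i++) {
        if (toupper((unsigned char)v[i]) != t[i]) return false;
    }
    return v[4] == '\0';
}

/* Scan vmx text line by line; store up to max flagged key names in flagged[]
 * and return the total number of enabled unneeded devices found. */
int audit_vmx(const char *vmx, const char **flagged, int max) {
    int found = 0;
    char line[256], key[128], val[128];
    const char *p = vmx;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len < sizeof line) {
            memcpy(line, p, len);
            line[len] = '\0';
            if (parse_line(line, key, sizeof key, val, sizeof val) && value_is_true(val)) {
                for (size_t i = 0; i < N_KEYS; i++) {
                    if (strcmp(key, UNNEEDED_DEVICE_KEYS[i]) == 0) {
                        if (found < max) flagged[found] = UNNEEDED_DEVICE_KEYS[i];
                        found++;
                    }
                }
            }
        }
        p = nl ? nl + 1 : p + len;
    }
    return found;
}

/* Convenience wrappers: count of flagged devices, and whether a given key is flagged. */
int count_unneeded_devices(const char *vmx) {
    const char *tmp[N_KEYS];
    return audit_vmx(vmx, tmp, (int)N_KEYS);
}

bool vmx_flags_key(const char *vmx, const char *key) {
    const char *tmp[N_KEYS];
    int n = audit_vmx(vmx, tmp, (int)N_KEYS);
    for (int i = 0; i < n && i < (int)N_KEYS; i++) {
        if (strcmp(tmp[i], key) == 0) return true;
    }
    return false;
}

int main(void) {
    const char *flagged[N_KEYS];
    int n = audit_vmx(SAMPLE_VMX, flagged, (int)N_KEYS);
    printf("%d enabled device(s) to review:\n", n);
    for (int i = 0; i < n; i++) printf("  %s\n", flagged[i]);
    return 0;
}
```

The scan only reports; it changes nothing. In practice, feed it each VM's .vmx from the datastore (or the equivalent output of the platform's configuration API) and treat every flagged key as a removal candidate to confirm with the workload owner. Removing an unused device removes the corresponding emulation code path from the guest's reach, which is exactly the attack surface the precedents above involve.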
Long-Term Security Strategy:
- Conduct periodic virtualization platform vulnerability scans. Target ESXi host configuration, vCenter Server, virtual switches, and privileged access control for misconfigurations.
- Implement guidance from VMware’s Security Configuration Guide to reduce risk at the hypervisor level.
- Engage third-party assessment partners like HUME-IT to evaluate whether your current ESXi deployment meets modern security standards. Our VM-SCPA offering focuses specifically on platform configuration posture and risk exposure across the entire vSphere stack.
These steps not only reduce your exposure to zero-day vulnerabilities but also align your virtualization infrastructure with defensible security baselines. A well-hardened ESXi environment is far less likely to be compromised, whether by targeted exploitation or opportunistic threat actors.
Conclusion: Bottom Line
The compromise of a VMware ESXi hypervisor at Pwn2Own Berlin 2025 is more than a competitive milestone; it’s a validation of a real-world exploit path against one of the most trusted components in enterprise infrastructure. For organizations running ESXi in production, this is not the time for complacency.
Hypervisor exploits are rare, but when they succeed, the consequences are significant. A single vulnerability at this level can bypass isolation boundaries, expose sensitive workloads, and disrupt platform integrity at its core.
Security leaders should take this event as a clear signal: ESXi and the broader virtualization stack must be reviewed, hardened, and maintained with the same urgency applied to endpoint or identity platforms. This isn’t theoretical anymore; this is a proven risk.
Don’t wait for a public exploit to test your defenses. Know your exposure. Fix what can be fixed.
References
- Zero Day Initiative: Pwn2Own Berlin 2025 Day Three Results
- BleepingComputer: Hackers Exploit VMware ESXi at Pwn2Own
- Forbes: VMware Hacked As $150,000 Zero-Day Exploit Dropped
- Trend Micro: CVE-2024-37079 – Integer Underflow in vCenter
- VMware Security Configuration Guide (Core.vmware.com)
- Wikipedia – Pwn2Own Competition Overview