VMware downplays leaks of source code

25.04.2012
Virtualization software vendor VMware today downplayed the seriousness of a source code leak involving the company's ESX hypervisor technology.

In a brief statement, Iain Mulholland, director of VMware's security response center, said that the company was aware of a "single file" from the VMware ESX source code, and associated commentary from software developers, being publicly posted on Pastebin.com. The code and commentary date back to 2003 and 2004, he said.

Mulholland said VMware discovered the file had been publicly posted on Monday. He warned that more files containing similar source could be posted in future.

"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers," Mulholland noted. "VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today," he said, appearing to imply the leak could have happened elsewhere.

"We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate," he added.

Kaspersky Labs' ThreatPost blog reported on Tuesday that a hacker named 'Hardcore Charlie' from a system belonging to the China Electronics Import-Export Corporation (CEIEC), a company that does contracting work for the Chinese military. It is not immediately clear how VMware's source code ended up on CEIEC's computers.