A critical remote code execution (RCE) vulnerability in the vCenter Server virtual infrastructure management platform may allow attackers to potentially take control of affected systems. The privately reported vulnerability is tracked as CVE-2021-21972, and it was rated with a CVSSv3 base score of 9.8 out of 10 according to a security advisory. The vulnerability can be exploited remotely by unauthenticated attackers in low complexity attacks that don’t require user interaction. To patch the vulnerability, you have to upgrade affected installations to 6.5 U3n, 6.7 U3l or 7.0 U1c.
Source: https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-rce-bug-in-all-default-vcenter-installs/