The use-after-free vulnerability (CVE-2020-4004) has a CVSS score of 9.3 out of 10, making it critical. It exists in the eXtensible Host Controller Interface (xHCI) USB controller of ESXi. A workaround is to remove the xHCI (USB 3.x) controller. The Tianfu Cup is a popular ethical hacking contest that took place earlier in November. In October, VMware issued an updated fix for a critical-severity remote code-execution flaw.
Source: https://threatpost.com/vmware-critical-flaw-esxi-hypervisor/161457/