The Cybersecurity and Infrastructure Security Agency (CISA) in the United States are currently monitoring several VMware vulnerabilities being exploited separately and in combination by threat actors for full system control.
In their Cybersecurity Advisory (CSA) released on the 18th of May 2022, they warn businesses that advanced persistent threat (APT) actors are actively exploiting two VMware vulnerabilities separately and in tandem.