Critical VMware Vulnerability CVE-2021-21972

The actively exploited vulnerability tracked as CVE-2021-21972 allows an attacker to upload files and execute commands without any authorized privileges.


  • VMware issued patches for critical-severity flaws in ESXi and vCenter Server.

  • Positive Technologies discovered a vulnerability in VMware vCenter/vSphere which allows an unauthenticated attacker to execute code remotely on the VMware hypervisor (CVE-2021-21972).

  • The vulnerability was first reported to the vendor on 2nd October 2020, and VMware released a patch on 23 February 2021, in an updated release that also carried the ESXi patches.