On Tuesday, September 21, VMware released a patch advisory for a new remote code execution (RCE) vulnerability in VMware vCenter Server tracked as CVE-2021-22005. Partial proof of concept (PoC) exploit code for CVE-2021-22005 has surfaced publicly and threat actors have begun to scan the internet for publicly accessible vulnerable vCenter Servers. Although the full working exploit for CVE-2021-22005 is not in the public domain, we expect threat actors to quickly fill in the gaps and begin exploiting this vulnerability in targeted ransomware attacks. Exploitation of CVE-2021-22005 can allow a threat actor with direct network access to a vulnerable system to remotely execute malicious code of their choosing. Customers should patch all vulnerable vCenter servers as soon as possible.