VMware said it has not observed exploitation of the vulnerability in the wild.
CISA is mandating federal agencies to apply updates that fix several serious VMware bugs.
Sophisticated threat groups started closing in on the VMware remote code execution flaw a week after a patch was deployed.
Researchers said an Iran-linked threat actor was exploiting the Log4j vulnerability in order to deploy backdoors, harvest credentials and other malicious activities.
Researchers found an announcement on an underground forum for LockBit Linux-ESXi Locker version 1.0 in October.