The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
https://www.securityweek.com/vmware-struggles-to-fix-flaw-exploited-at-chinese-hacking-contest/
https://thehackernews.com/2024/09/patch-issued-for-critical-vmware.html
https://cloud.google.com/support/bulletins/index#gcp-2024-051