The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive calling for VMware to be patched or removed to mitigate in-the-wild attacks being exploited.

the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. VMware released an update to address these vulnerabilities on April 6, 2022, and threat actors were able to reverse engineer the update and begin exploitation of impacted VMware products that remained unpatched within 48 hours of the update’s release.

On May 18, 2022, VMware released an update for two new vulnerabilities (CVE-2022-22972 and CVE-2022-22973). Based on the above, CISA expects threat actors to quickly develop a capability to exploit these newly released vulnerabilities in the same impacted VMware products. Exploiting the above vulnerabilities permits attackers to trigger a server-side template injection that may result in remote code execution (CVE-2022-22954); escalate privileges to 'root' (CVE-2022-22960 and CVE-2022-22973); and obtain administrative access without the need to authenticate (CVE-2022-22972).

[cisa.gov...]