CISA Alert: Critical VMware vCenter RCE (CVSS 9.8) Now Exploited in the Wild

CISA added CVE-2024-37079 — a critical (CVSS 9.8) out-of-bounds write/heap overflow in Broadcom VMware vCenter Server's DCERPC implementation — to its Known Exploited Vulnerabilities catalog after Broadcom confirmed in-the-wild exploitation; the flaw permits unauthenticated remote code execution via a single crafted network packet, and federal agencies are required to remediate by February 13, 2026.