Being in the company of many public clouds offering VMware products, I don't know of any of them that use vCF.
Yes, VMware keeps pushing it on us, but there's nothing in there that we wouldn't want to take control of oursevles anyway.
Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems. The agency rates this threat as sufficiently serious to demand US government agencies pull …
Actually, what you are really being told, is a remote action with network access to the UI has obtained administrative access without the need to authenticate.
And malicious actors, who can all too easily now also be uncovered and identified as lurking amongst the leading drivers behind the many desperate defenders engaging in battle against that exploitable 0day vulnerability fest/RAT feast/markets bloodbath, will not have their sorrows to seek as they are guaranteed to be bombarded by all manner of virtual machinery into surrender and submission and/or worthy defeat and absolute annihilation. The choice is theirs to make.