So you create an AD group "ESX Admins" and by default, VMware is just like "oh, so you're the admin now?!"

And then to make it dumber, VMware classifies this as a *moderate* severity, despite knowing ransomware TAs are actively using it?

I can only conclude Broadcom is not serious about security. I don't know how you conclude anything else. Oh also, there are no patches planned for ESXi 7.0.

https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/