diff --git a/Log4j2/Vmware/HCX/README.md b/Log4j2/Vmware/HCX/README.md
new file mode 100644
index 0000000..3b3e300
--- /dev/null
+++ b/Log4j2/Vmware/HCX/README.md
@@ -0,0 +1,9 @@
+# VMware HCX log4j2 RCE
+
+Various VMware products such as VMware Horizon, VMware vCenter Server, VMware HCX, VMware NSX-T Data Center, etc. are affected by the remote code execution vulnerability CVE-2021-44228.Attackers can use the vulnerability CVE-2021-44228 to cause remote code execution and control server permissions.
+
+FOFA **query rule**: [body="VMware HCX"](https://fofa.so/result?qbase64=Ym9keT0iVk13YXJlIEhDWCI%3D)
+
+# Demo
+
+![VMware_HCX_log4j2](VMware_HCX_log4j2.gif)
diff --git a/Log4j2/Vmware/HCX/VMware_HCX_log4j2.gif b/Log4j2/Vmware/HCX/VMware_HCX_log4j2.gif
new file mode 100644
index 0000000..e1d9c60
Binary files /dev/null and b/Log4j2/Vmware/HCX/VMware_HCX_log4j2.gif differ