VMware ESXi Patching

JamesHawkins · ‎07-18-2025

Hello,

We have a few customers running BE6000 and BE7000 systems which were supplied with bundled versions of VMware ESXi.

There have been some recent high priority CVE vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239) with ESXi 7.0 so we need to patch to the latest version which is 7.0.3w.

The VMware article linked below states that critical security patches for customers with perpetual licenses and expired support contracts will be available.

https://knowledge.broadcom.com/external/article/314603/zero-day-ie-critical-security-patches-fo.html

Does anyone know if this applies to the bundled VMware licenses supplied with the BE6000 and BE7000?

If yes how are the patches obtained? - I have an account on the Broadcom support web site but am not entitled to download the software.

Kasun Bandara · ‎07-18-2025

hi @JamesHawkins if you purchased those Vmware licenses from cisco directly as a bundle, you can open cisco tac and get support.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

JamesHawkins · ‎07-21-2025

Hi,

Thanks for the response. I opened a TAC case and was told that all support for the bundled VMware offerings has ceased and that they could not help. I showed them the Broadcom link above abd asked them to pass the question on to the BE6000/BE7000 product management team but they refused to do that. It was a really disappointing result as it effectively means that BE6000/BE7000 cannot be patched against severe vulnerabilities unless the customer pays for a Broadcom support contract.
Many customers will probably want to move to the recently announced Cisco developed hypervisor if they want to stick with on-premise Cisco collaboration. As it stands they will have to live with serious vulnerabilities until that hypervisor is available.

I am thinking of making a complaint with the hope of getting my request forwarded to someone who

jarias · ‎07-21-2025

@JamesHawkins,

Sorry you're having challenges here. Broadcom's changes have certainly disrupted.

For ESXi images/binaries, BE6000/7000 appliances have always used the same UCS-specific images/binaries as UCS C220/C240 of same generation. E.g. a BE7000M M6 / BE7M-M6-K9 uses same UCS-specific ESXi images as a UCS C240 M6SX / UCSC-C240-M6SX).

Where to find those images? Pre-Broadcom, vmware.com accessed with a vmware.com account. Today, broadcom.com with broadcom.com account required (Broadcom emailed customers with vmware.com accounts instructions on how to migrate to broadcom.com accounts). It is unclear if Broadcom has changed pre-requisites for customer/partner download.

For technical support from Cisco TAC (whether that's "help me find the image" or licensing or a break-fix problem), depends on which commercial offer being used (can lookup the PIDs in CCW-R to see which one). Pre-Broadcom, Cisco used to have several different offers addressing different customer scenarios, each with different pricing, feature-levels, license logistics and support paths indexed to those scenarios. All with lifelines from Cisco back to VMware.

If your "bundled ESXi" [sic] was one of the old BE6000/7000-specific embedded virtualization offers, all those entered EOL pre-Broadcom and are now past Last Day of Support (see Cisco EOL bulletins EOL11590, EOL13450, EOL13629). The lifelines from Cisco back to VMware for those offers are also gone. Means no longer upgrade-able 7.x to 8.x and no more Cisco TAC/licensing support.

If you were instead using some other commercial offer, would have to see which one to provide guidance. But note due to changes in Broadcom's direction, there is nothing Cisco can renew support on or sell new/addon for VMware products. Subscription from Broadcom channel partner or direct from VMware by Broadcom required.

If you're looking for alternative to ESXi for BE6000/BE7000, see CiscoLive session BRKCOL-2076 or one of our user group / CIUG sessions.