Broadcom has released a new Critical Security Advisory, VMSA-2025-0013 with a CVSS base score range of 7.1 to 9.3. With Microsoft’s commitment to the security of our platform and our improved lifecycle management process, we were able to quickly assemble a global team to work on the acceleration and validation of the ESXi 8.0 U3f + Hot Patch (VAIO bug fix) Build 24797835 security patch . We have nearly finished qualifying the security patch that will mitigate VMSA-2025-0013 across our fleet.
As a result, with the public release of this vulnerability we expect to be able to patch your existing Azure VMware Solution infrastructure next week. We are committing to completing the remediation within 30-days. Microsoft will communicate the scheduled date of patching over the next three weeks. Any Azure VMware Solution private cloud deployed next week will be provisioned with the patch already applied to the environment.
Microsoft takes an in-depth approach to vulnerability and risk management. With our new and improved partnership with Broadcom, this allows us to enhance our overall security and quickly address vulnerabilities in VMware solutions.
If you are interested in the Azure VMware Solution, please use these resources to learn more about the service:
- Homepage: Azure VMware Solution
- Documentation: Azure VMware Solution
- SLA: SLA for Azure VMware Solution
- Azure Regions: Azure Products by Region
- Known Issues: Azure VMware Solution
- Software Versions: Azure VMware Solution
- Security Advisories: Broadcom
- Release Notes: vCenter Server 8.0 U3e Build 24674346
- Release Notes: ESXi 8.0 U3f + Hot Patch (VAIO bug fix) Build 24797835
Author Bios
Rahi Patel is a Senior Technical Program Manager in the Azure VMware Solution product group at Microsoft.
René van den Bedem is a Principal Technical Program Manager in the Azure VMware Solution product group at Microsoft. His background is in enterprise architecture with extensive experience across all facets of the enterprise, public cloud & service provider spaces, including digital transformation and the business, enterprise, and technology architecture stacks. René works backwards from the problem to be solved and designs solutions that deliver business value with the minimum of risk. In addition to being the first quadruple VMware Certified Design Expert (VCDX), he is also a Dell Technologies Certified Master Enterprise Architect, a Nutanix Platform Expert (NPX), and a VMware vExpert.
Microsoft