VMware prevents some perpetual license holders from downloading patches
- Reference: 1753286466
- News link: https://www.theregister.co.uk/2025/07/23/vmware_patch_download_problems/
- Source link:
VMware must support crucial Dutch govt agency as it migrates off the platform, judge rules [1]READ MORE
Customers in that perilous position hold perpetual licenses for VMware products but do not have a current support contract with Broadcom, which will not renew those contracts unless users sign up for software subscriptions. Yet many customers in this situation run products that Broadcom continues to support with patches and updates.
In April 2024, Broadcom CEO Hock Tan [2]promised “free access to zero-day security patches for supported versions of vSphere” so customers "are able to use perpetual licenses in a safe and secure fashion."
VMware patches aren’t freely available; users must log on to Broadcom’s support portal to access the software.
Some VMware users in this situation have told The Register that when they enter the portal they cannot download patches, and that VMware support staff have told them it may be 90 days before the software fixes become available.
[3]
One VMware customer shared the following screenshot:
[4]
VMware support discussing patch availability with a customer - Click to enlarge
A VMware spokesperson confirmed that some customers cannot currently access patches:
“Because our support portal requires validation of customer entitlements for software patches, only entitled customers have access to the patches at this time,” the spokesperson explained.
[5]
[6]
That confirms the comment in screenshot above, in which a Broadcom support staffer wrote, “Recent changes to our support portal, related to entitlement checking, will cause delay in making patches available to customers with expired entitlements.”
The VMware spokesperson told us, “A separate patch delivery cycle will also be available for non-entitled customers and will follow at a later date.”
[7]
The spokesperson did not detail that later date. And as the screenshot above shows, users haven’t had access to patches since late May.
This is obviously a sub-optimal situation, as attackers are [8]known to target VMware implementations.
[9]VMware slows release cadence for flagship Cloud Foundation suite, but extends support
[10]VMware reboots its partner program again – and it looks like smaller players are out
[11]Telefónica Germany offloads VMware support to Spinnaker due to high renewal costs
[12]Citrix signals return to the mainstream hypervisor market with a product it says isn’t quite ready for the job
VMware has published eleven [13]security advisories in 2025, including last week’s [14]warning of critical-rated flaws which allow an attacker with administrative privileges on a virtual machine to execute code on a host machine. That’s just about the worst thing that can happen in a virtualized environment.
As revealed by The Register last month, a Dutch court ordered Broadcom's VMware subsidiary to [15]continue providing software support for at least two years to [16]Rijkswaterstaat (RWS), the exec arm of the Ministry of Infrastructure and Water Management in the Netherlands.
RWS was using VMware's server virtualization for more than 15 years under a perpetual license, and declined to purchase a subscription licensing agreement that it claimed would cost 85 percent more to continue using the same software and receiving support.
[17]
We previously asked VMware to comment on this legal tussle but it didn't respond. ®
Get our [18]Tech Resources
[1] https://www.theregister.com/2025/06/30/dutch_agency_wins_right_to/
[2] https://www.theregister.com/2024/04/16/broadcom_vmware_perpetual_license_support/
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/virtualization&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aIb2d9JAbqbT_UXxyh7PWwAAAI0&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[4] https://regmedia.co.uk/2025/07/23/screenshot_vmware_support.jpg
[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/virtualization&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIb2d9JAbqbT_UXxyh7PWwAAAI0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/virtualization&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIb2d9JAbqbT_UXxyh7PWwAAAI0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/virtualization&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aIb2d9JAbqbT_UXxyh7PWwAAAI0&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[8] https://www.theregister.com/2024/07/30/make_me_admin_esxi_flaw/
[9] https://www.theregister.com/2025/07/18/vmware_product_lifecycle_changes/
[10] https://www.theregister.com/2025/07/16/vmware_reboots_partner_program_again/
[11] https://www.theregister.com/2025/07/11/telefnica_germany_shifts_vmware_support/
[12] https://www.theregister.com/2025/07/10/citrix_returns_to_mainstream_hypervisors/
[13] https://support.broadcom.com/web/ecx/security-advisory?
[14] https://www.theregister.com/2025/07/16/vmware_reboots_partner_program_again/
[15] https://www.theregister.com/2025/06/30/dutch_agency_wins_right_to/
[16] https://www.rijkswaterstaat.nl/
[17] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_software/virtualization&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aIb2d9JAbqbT_UXxyh7PWwAAAI0&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[18] https://whitepapers.theregister.com/
Yes, because not all of these customers are small, and someone is going to open a can of lawyers soon.
It's inevitable.
As I said before, the Martin Shkreli approach to business doesn't work very well if you don't have a monopoly. Even Microsoft isn't so daft (well, yet, give it time).
Broadcom “support” portal
Broadcom have shoved all VMware downloads behind a support portal login now, even for free software like VMware fusion.
For access, they demand a load of personal information, which they don’t need from an individual in order to access free downloads.
I don’t think they understand that processing of personal data should be kept to a minimum and what is strictly necessary under GDPR. Or they don’t care.
I don’t think VMware has a great future.
Re: Broadcom “support” portal
If I had VMWare stuff and needed access, and they demanded lots of info, I might do a Blues Brother on them. Something like, oh:
Rick Bradshaw
3228 Gun Club Road
West Palm Beach,
FL 33406
Ric's the county sheriff and the address is PBSO HQ. I'm sure that he'll just love getting bumf from Broadcomm. Especially if it's addressed to 'Rick', not 'Ric', he hates it when people use the 'k'.
Or, if I wanted to be naughty,
L. J. Gibbs
1022 O St SE,
Washington DC
If Jethro, McGee, DeNozzo, and Zeva actually existed they'd love bumf from Broadcomm, too.
Exists, to Aretha singing 'Respect'.
Re: Broadcom “support” portal
I tend to use the addresses of Privacy Commissioner offices, just to keep things interesting.
:)
Re: Broadcom “support” portal
>> For access, they demand a load of personal information, which they don’t need from an individual in order to access free downloads.
So don't use it. As a free personal user you aren't likely to turn into a million dollar customer any time soon, so you are right: they don't care about you.
Re: Broadcom “support” portal
This is where you, and Broadcom, are wrong. Giving NFR software to industry professionals is a sure way to get your software into large companies and government departments. If techs and managers know your product they are going to recommend it. If the techs are already skilled in your product, there is less outlay for the bosses for training and they can start standing shit up quick. The way Broadcom are taking VMware, it won't be long until KVM becomes the hypervisor of choice, let's face it RedHat gives away free dev licenses for the techs to learn on and RHEL licensing isn't as bad as VMware bundles are getting to be
Re: Broadcom “support” portal
it won't be long until KVM becomes the hypervisor of choice, let's face it RedHat gives away free dev licenses for the techs to learn on and RHEL licensing isn't as bad as VMware bundles are getting to be
And there are virtualisation distros like Proxmox that are akin to VMWare in terms of capability. And fully supported with commercial-grade support (which obviously costs money but it's normal money not "your firstborn children down to the 5th generation" money that Broadcom is trying to charge.
A pox on them.
Re: Broadcom “support” portal
I went to download workstation 17 from them recently, not having downloaded/installed vmware workstation since 2023(v16). My personal vmware account was deactivated, though was able to reactivate it, I've had the account for over 20 years. I wanted to download this free product, but then the site said I have to wait longer while they "validate" me somehow(super pointless to validate if it's a free product). I managed to download it from archive.org a few moments later (was assuming they'd do something scummy like have to register for a license key each year or something(even if it is free) was shocked no license at all was required). I otherwise had a legit workstation 17 key I was ready to use(which i got for free since 17 came out just a week or two after I bought v16) but didn't need it after all(still keeping it just in case!).
Re: Broadcom “support” portal
Good luck with the 'validation' - took me 4 months...
:-/
Re: Broadcom “support” portal
I paid for my copy of VMWare Workstation 17.5. It was supposed to be a "perpetual license."
The very first thing Broadcom did was push an update that pointed to resources you couldn't access unless you were signed up with one of their "partners", breaking my installation.
I run VirtualBox now.
Broadcom can kiss my ass. If anyone ever starts a Canadian class action for the loss of licenses they paid for , I would be interested...
All out
That 'perpetual license' you thought you had is useless. Time for two things:
1. Urgently get replacement software which does what you need
2. Find a good attack lawyer.and make ready to sue the bastards.
Good luck.
Re: All out
I wonder if they are complying with court orders against them in this space - eg IIRC that Dutch court decision mandating they provide extended support etc.
THe software business is incresingly a protection racket
Adobe, Amazon, Apple, Broadcom, Google, IBM, Microsoft, Oracle... and now they believe Trump will cover their shoulder if some authority abroad complains they will attempt to gauge customers more.
Re: THe software business is incresingly a protection racket
Increasingly? Where ya been the last 20 years? :)
Broadcom destroys yet another acquired company for shortsighted profit. Will not work long term
The priest tech douche bros tell us the power of enshitifcation compels them!
Broadcom destroys yet another acquired company for shortsighted profit. Will not work long term
or Broadcom destroys yet another acquired company for shortsighted grift. ?
How to lose customers in just 12 steps.
Arrest
I'm surprised a country like the Netherlands, who already has a order in place, does not call up the most senior BCom exec in town to court and when they show, arrest them for failing to obey the order. Keep them there for the full 2 years that the order is active.
Re: Arrest
because ... you think Rijkswaterstaat has no access?
Broadcom’s VMware
......and Microsofts Windows should get married and then they could go FUCK each other.
Re: Broadcom’s VMware
Cmon don't be shy, ur mincing your words, be direct and to the point instead of faffing around :)
Billy Joel Wrote About Broadcom (Though He Didn't Know it)
"She cuts you once, she cuts you twice
But still you believe
The wound is so fresh you can taste the blood
But you don't have strength to leave
You've been bought, you've been sold
You've been locked outside the door
But you stand there pleadin'
With your insides bleedin' ..."
The Software Scourge
This is the scourge of software subscriptions.
At some point we can reasonably expect one of these customers to get hit in a vulnerable spot that should have been covered by one of these delayed patches. That's really going to make things interesting.