VMware customers who use perpetual licenses but no longer have an active support contract will not have access to crucial security patches for the time being.
This is reported by The Register. Broadcom, owner of VMware since the end of 2023, states that customers without a valid contract must first have their license status checked. Only then will they be able to download updates again. In practice, this means that many users have been unable to install patches since the end of May. This situation has potentially serious consequences.
Although Broadcom previously promised that customers with a perpetual license would retain access to patches for supported versions of vSphere, it now appears that this only applies to those who are still formally “authorized.” That status is linked to an active subscription.
Separate patch process
Users report that after logging into the Broadcom portal, they receive an error message or simply cannot access downloads. According to support staff, recent changes to the portal may cause delays of up to 90 days. Broadcom says it is working on a separate patch process for this group, but no date has been announced.
The timing is unfortunate. Several critical security vulnerabilities have already been reported in VMware products in 2025. Some of these allow attackers to gain access to the underlying host system via a virtual machine. Without rapid updates, such vulnerabilities can have a major impact on IT environments.
Rijkswaterstaat (part of the Dutch government responsible for the country’s primary infrastructure), which previously went to court to enforce support, may also find itself in this position. It has been using VMware for more than fifteen years under a perpetual license. The organization did not want to switch to a new subscription model. According to internal calculations, it would be 85 percent more expensive.
The court in The Hague has ordered VMware and Broadcom to continue providing support to Rijkswaterstaat until the latter has migrated to an alternative. After years of investing millions in VMware products, the government agency cannot be left without support. That is what the court ruled, at least.
Rijkswaterstaat uses VMware to manage critical infrastructure such as tunnels, locks, and bridges. After Broadcom acquired VMware at the end of 2023, it introduced a subscription model. Research showed that the costs for RWS would rise from 2.1 million euros to 4 million euros per year.