In this blog we will guide you through the process of implementing a flexible BOM Upgrade, as VMware/Broadcom likes to call it. In practice, it is the process of installing one or multiple async patches through SDDC Manager. In this specific example, we will use the ESXi security patch for the critical vulnerability described in VMSA-2025-0004. This patch resolves CVE-2025-22224, which has a CVSSv3 score of 9.3.

Note, however, that the same procedure is valid for the currently available NSX 4.1.2.3 patch or even SDDC Manager 5.2.1.1. Earlier, we published a blog post on the same procedure for vCenter Server 8.0 Update 3d. A complete list of all async patches can be found in KB88287.

Steps

The following steps can be followed:

  • Make sure you always make appropriate snapshots and backups before you start.
  • Log in to SDDC Manager using your credentials.
  • Download the ESXi Security bundle through SDDC Manager itself:
    • Download it through Bundle Management. In the SDDC Manager interface, navigate to LifeCycle Management > Bundle Management.
    • Find the VMware Software Update 1.1.1.1 bundle. These 1.1.1.1 versions are the async patches. You will notice that NSX 4.1.2.3 is also available for download as an async patch.
    • Note that the complete list of async patches can be found in KB88287.

Click Download to start the download. Compared to vCenter Server 8.x or NSX 4.x, the download is quite small, so it won’t take too long.

  • After the download completes, you can create a Patch Plan to include the async patch
  • Navigate to Inventory > Workload Domains > Management Domain > Select Updates and open Available Updates > Select Cloud Foundation 5.2.1.0
  • Click Actions > Plan Patching
    Note that the next screen will take some time to populate. Please be patient.
    If nothing pops up eventually, you might need to resolve this first through this blog post or Knowledge Base article KB380402.

  • If the Plan Patching interface populates, you can select the Software Component, in this case VMware ESXi, and select the Target Version from the dropdown box. Click Confirm. In the next screen, review the settings and click Finish.
  • After a few moments, the Available Updates will re-populate and show Configure Update.

  • This is the point at which the ESXi update is planned or implemented. From here on, you can rely on the process you are used to. Each software component, e.g. NSX, vCenter or ESXi, will have a separate Configure Update button with a configuration wizard.

By DM