VMware Workstation auto-updates broken after Broadcom URL redirect

VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. While VMware Workstation continues to function, this broken update system may cause users to miss important bug fixes or security patches, especially when it is not apparent that the automatic update feature is broken until you try to use it. Broadcom has not yet issued a public statement or workaround for the issue, and BleepingComputer has confirmed it is still broken in VMware Workstation 17.6.3, the latest software version. "To update your VMware Workstation Pro, you'll need to manually download the latest installer from the Broadcom support portal. Users are now forced to log in and manually check Broadcom's website for updates, download the correct version, and install it themselves, making it frustrating for customers who expect a seamless experience. However, this URL now redirects to Broadcom's generic support page, causing the application to issue certificate validation errors and rendering its built-in update mechanism unusable. This will cause the program to connect to the software update server at to check for and download software updates.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 31 Mar 2025 23:00:05 +0000

Cyber News related to VMware Workstation auto-updates broken after Broadcom URL redirect

VMware Workstation auto-updates broken after Broadcom URL redirect - VMware Workstation users report that the software's automatic update functionality is broken after Broadcom redirected the download URL to its generic support page, triggering certificate errors. While VMware Workstation continues to function, this ...
3 months ago Bleepingcomputer.com

Broadcom Merging Carbon Black, Symantec to Create Security Unit - Carbon Black's uncertain future following the closing of Broadcom's $69 billion acquisition of VMware in November is now settled, with the security software business merging with Symantec to form Broadcom's new Enterprise Security Group. The creation ...
1 year ago Securityboulevard.com

CVE-2025-41233 - Description: ...
1 month ago

VMware makes Workstation Pro and Fusion Pro free for personal use - VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost. Things have been a little shaky since ...
1 year ago Bleepingcomputer.com

VMware ESXi 8.0 Update 3e Released for Free, What's New! - This marks a significant policy reversal after Broadcom discontinued the free ESXi offering following its acquisition of VMware, a move that had pushed many users toward alternative virtualization platforms. Broadcom has officially reintroduced the ...
3 months ago Cybersecuritynews.com

Broadcom warns of authentication bypass in VMware Windows Tools - For instance, in November, Broadcom warned that attackers were exploiting two VMware vCenter Server vulnerabilities: a privilege escalation to root (CVE-2024-38813) and a critical remote code execution flaw (CVE-2024-38812) identified during China's ...
4 months ago Bleepingcomputer.com CVE-2024-38813

VMware ESXi and Workstation Vulnerabilities Let Attackers Execute Malicious Code on Host - Multiple severe vulnerabilities have been addressed affecting VMware ESXi, Workstation, Fusion, and Tools that could allow attackers to execute malicious code on host systems. However, on VMware Workstation and Fusion desktop platforms, successful ...
1 week ago Cybersecuritynews.com

VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks - VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th. Cloud Director is a VMware platform that enables admins ...
1 year ago Bleepingcomputer.com CVE-2023-34060

Broadcom fixes three VMware zero-days exploited in attacks - CVE-2025-22225 is an ESXi arbitrary write vulnerability that allows the VMX process to trigger arbitrary kernel writes, leading to a sandbox escape, while CVE-2025-22226 is described as an HGFS information-disclosure flaw that lets threat actors with ...
4 months ago Bleepingcomputer.com CVE-2025-22225

VMware Patches Vulnerabilities Exploited at Pwn2Own 2024 - Broadcom-owned VMware on Tuesday published a security advisory to inform Workstation and Fusion customers that patches are available for vulnerabilities exploited earlier this year at the Pwn2Own hacking competition. It's worth noting that VMware ...
1 year ago Securityweek.com CVE-2024-22267 CVE-2024-22269 CVE-2024-22270

Investigation of Possible Causes of ESXiArgs Ransomware Attacks Suggests VMware is Not at Fault - Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has denied allegations that two-year-old security flaws have been used in the current ESXiArgs ransomware attacks. Over the weekend, reports surfaced about cybercriminals ...
2 years ago Hackread.com CVE-2021-21974

VMWare discloses critical VCD Appliance auth bypass with no patch - VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. Cloud Director enables VMware admins to manage their organizations' cloud services as part of Virtual Data Centers. The auth ...
1 year ago Bleepingcomputer.com CVE-2023-34060

VMware Tools for Windows Vulnerability Let Attackers Bypass Authentication - According to the security advisory VMSA-2025-0005, the authentication bypass vulnerability stems from improper access control in the VMware Tools for Windows utilities suite. In response to this vulnerability, cybersecurity experts recommend that ...
4 months ago Cybersecuritynews.com CVE-2025-22230

VMware fixes three zero-day bugs exploited at Pwn2Own 2024 - VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. The most severe flaw patched today is CVE-2024-22267, a ...
1 year ago Bleepingcomputer.com CVE-2024-22267 CVE-2024-22269 CVE-2024-22270

VMware warns admins of public exploit for vRealize RCE flaw - VMware warned customers on Monday that proof-of-concept exploit code is now available for an authentication bypass flaw in vRealize Log Insight. "Updated VMSA to note that VMware has confirmed that exploit code for CVE-2023-34051 has been published," ...
1 year ago Bleepingcomputer.com CVE-2023-34051

VMware fixes critical code execution flaw in vCenter Server - VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps ...
1 year ago Bleepingcomputer.com CVE-2023-34048 CVE-2023-34056

CISA tags Broadcom Fabric OS, CommVault flaws as exploited in attacks - The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of Broadcom Brocade Fabric OS, Commvault web servers, and Qualitia Active! Mail clients vulnerabilities that are actively exploited in attacks. The flaws were added ...
2 months ago Bleepingcomputer.com CVE-2025-42599

Russians break into Microsoft as Chinese hit VMware users The Register - A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news. On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write ...
1 year ago Go.theregister.com CVE-2023-34048 Hunters

Bitwarden's new auto-fill option adds phishing resistance - The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. The issue was highlighted nearly a year ago when Flashpoint ...
1 year ago Bleepingcomputer.com LockBit

Critical VMware Tools VGAuth Vulnerabilities Enable Full System Access for Attackers - Two critical vulnerabilities in the VMware Guest Authentication Service (VGAuth) component of VMware Tools allow local attackers to escalate privileges from any user account to SYSTEM-level access on Windows virtual machines. CVE-2025-22247 received ...
1 day ago Cybersecuritynews.com CVE-2025-22247

Chinese threat group exploited VMware vulnerability in 2021 - A critical VMware vulnerability that was patched in October was exploited in the wild two years ago by a China-nexus threat actor, according to new research from Mandiant. On Oct. 25, VMware first disclosed an out-of-bounds write vulnerability ...
1 year ago Techtarget.com CVE-2023-34048 CVE-2023-34056 CVE-2023-20867

VMware urges admins to remove deprecated, vulnerable auth plug-in - VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. The vulnerable VMware Enhanced ...
1 year ago Bleepingcomputer.com CVE-2024-22245 CVE-2024-22250

VMware Tools Vulnerability Let Attackers Tamper Files to Trigger Malicious Operations - This latest security issue follows several other VMware vulnerabilities addressed earlier this year, including a critical TOCTOU vulnerability (CVE-2025-22224) affecting VMware ESXi and Workstation that could lead to out-of-bounds write and potential ...
2 months ago Cybersecuritynews.com CVE-2025-22224

Apple Releases Updates for Older Devices in 2021 - Apple released updates to many of its older devices in 2021, including the iPhones, iPads, and Macs. The updates are to address security vulnerabilities that were discovered in the company's older devices. Apple has previously released several ...
2 years ago Thehackernews.com

CVE-2010-1138 - The virtual networking stack in VMware Workstation 7.0 before 7.0.1 build 227600, VMware Workstation 6.5.x before 6.5.4 build 246459 on Windows, VMware Player 3.0 before 3.0.1 build 227600, VMware Player 2.5.x before 2.5.4 build 246459 on Windows, ...
12 years ago