VMware Secured Download Changes

Post published:March 26, 2025
Post category:Blog / Virtualization

Broadcom is changing how you download VMware software and here’s what YOU need to know

Starting March 24, Broadcom is making a major change that affects all VMware customers effective immediately. Downloading VMware software updates and patches (like ESXi, vCenter, NSX, etc) will require authentication via a unique token.
By April 23, the old download URLs will stop working entirely.

So, what’s really changing?

Broadcom is consolidating all VMware software downloads into a single site and you will need to generate a Download Token from the Broadcom Support Portal in order to have access to the following:

In-product update URLs (vCenter, VAMI, Lifecycle Manager, etc.)
Custom scripts or automation that fetch VMware binaries
Tools like UMDS or SDDC Manager in VCF environments

This brings VMware in line with modern security practices—ensuring only entitled customers access software updates, reducing public exposure, and adding traceability.

What you need to do:

Generate Your Token – Log into Broadcom Support and request a token tied to your entitlement.
Update Your Products – Manually (or using Broadcom’s provided PowerCLI script) change the update URLs in your VMware tools to point to the new site with your token embedded.
Revise Your Scripts – Any automation or third-party tools pulling updates from legacy URLs will break—update them to use the new token-authenticated endpoints.
Test Early – Don’t wait until April 23. Test now while legacy URLs still work to ensure a smooth transition.

Why it matters:

Failing to update these configurations means your systems will stop receiving patches, which will create major vulnerability risks.
This also tightens compliance in case that your VMware support contract lapses, then your download access will be automatically restricted immediately as well.

This isn’t just a technical change, but it’s an operational one. Now more than ever VMware by Broadcom is making sure that its customer stay on top of renewals to avoid any type of service disruptions (support, patching, etc).

Hock Tan did promise to continue supporting zero-day patches for customers still running perpetual licenses for at least 1-year post-acquisition and he stood by his word.

Official VMware by Broadcom announcement here

Tags: cybersecurity, downloads, esxi, nsx, patches, patching, ransomware, security, token, vcenter, vcf, vmware, vsphere, vulnerability

You Might Also Like

AWS outage = instant multi-cloud approach?

Register for VMware’s Anywhere Workspace global launch event on May 5 & 6!

VMware ESXi Round Robin Path Selection with Pure Storage