According to an exclusive report by tech outlet The Register, Broadcom is now restricting customers holding perpetual VMware licenses from downloading security updates—leaving them increasingly vulnerable to cyberattacks due to the inability to apply timely patches.
Broadcom has stated that security updates made available through the VMware support portal are now exclusively reserved for customers with active support contracts. To obtain such a contract, however, clients must enter into a subscription-based agreement with Broadcom. Holders of perpetual licenses are ineligible to sign these contracts.
Without a support agreement in place, these customers are effectively barred from accessing critical security updates. According to Broadcom’s support team, perpetual license holders may be forced to wait up to 90 days for access to patches. These so-called “unauthorized customers” will be placed on a separate delivery schedule for updates—though the exact timeline remains unspecified.
Notably, Broadcom refers to customers with perpetual licenses as “unauthorized,” despite the fact that these licenses were legally obtained prior to Broadcom’s acquisition of VMware. In the absence of a subscription and support contract, such customers are now excluded from the timely receipt of security updates.
From the customer’s perspective, Broadcom’s current policy appears to be a coercive strategy aimed at forcing enterprises to pay additional fees for subscriptions and support contracts—effectively rendering their perpetual licenses obsolete. Without access to security updates, continuing to use VMware products introduces significant risk to organizational security.
Typically, Broadcom releases security patches to address critical vulnerabilities. Once a patch is public, attackers often reverse-engineer it to uncover exploit details. If VMware instances remain unpatched, adversaries can weaponize these vulnerabilities to target legacy deployments.
Ultimately, organizations are left with a difficult choice: either invest in Broadcom’s subscription-based model and sign a support agreement, or migrate to alternative virtualization platforms. Continuing to rely on VMware without access to timely updates poses substantial risks, potentially leading to severe consequences for both companies and their customers.
Of particular note, in June 2025, a Dutch court issued a ruling compelling Broadcom to provide at least two years of software support to the Netherlands’ Ministry of Infrastructure and Water Management (RWS). Broadcom is legally obligated to comply or face serious repercussions.
The court’s decision was based on the fact that RWS had purchased perpetual VMware licenses and had relied on them for over 15 years. Broadcom’s insistence that RWS sign new subscription and support contracts to receive updates was projected to increase RWS’s costs by 85%, prompting the ministry to take legal action.
The court ultimately mandated that Broadcom continue providing software support for a two-year transition period, allowing RWS sufficient time to migrate to alternative platforms. Failure to comply could result in penalties of up to €25 million.