Merge pull request #301225 from Zsoldier/master

Update azure-vmware-solution-known-issues.md

Author: prmerger-automator[bot]

articles/azure-vmware/azure-vmware-solution-known-issues.md

@@ -17,7 +17,7 @@ Refer to the table to find details about resolution dates or possible workaround
 | :------------------------------------- | :------------ | :------------- | :------------- |
 | AV64 hosts running vSAN Express Storage Architecture (ESA), may see a High pNIC errors due to buffer overflows. [Getting alarm in relation to "High pNic error rate detected" on hosts in vSAN clusters when using Mellanox NICs](https://knowledge.broadcom.com/external/article/392333/getting-alarm-in-relation-to-high-pnic-e.html) | June 2025 |  The alert should be considered an informational message, since Microsoft manages the service. Select the **Reset to Green** link to clear it. |
 |[VMSA-2025-0012](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25738) Multiple vulnerabilities (CVE-2025-22243, CVE-2025-22244, CVE-2025-22245) have been identified in VMware NSX. | May 2025 | The vulnerability described in the Broadcom document does not apply to Azure VMware Solution due to existing compensating controls mitigate the risk of exploitation. | The upcoming version of NSX will include a patch to address this vulnerability. |
-|[VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) Multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228) have been identified in VMware ESXi and vCenter Server. | May 2025 | Microsoft, in collaboration with Broadcom/VMware, has confirmed the applicability of these vulnerabilities to Azure VMware Solution (AVS). Existing security controls, including cloudadmin role restrictions and network isolation, are deemed to significantly mitigate the impact of these vulnerabilities prior to official patching. The vulnerabilities have been adjudicated with a combined adjusted Environmental Score of [6.8](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H) within the Azure VMware Solution. Until the update is fully addressed, customers are advised to exercise additional caution when granting administrative access to guest virtual machines and to actively monitor any administrative activities performed on them. | N/A |
+|[VMSA-2025-0010](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25717) Multiple vulnerabilities (CVE-2025-41225, CVE-2025-41226, CVE-2025-41227, CVE-2025-41228) have been identified in VMware ESXi and vCenter Server. | May 2025 | Microsoft, in collaboration with Broadcom/VMware, has confirmed the applicability of these vulnerabilities to Azure VMware Solution (AVS). Existing security controls, including cloudadmin role restrictions and network isolation, are deemed to significantly mitigate the impact of these vulnerabilities prior to official patching. The vulnerabilities have been adjudicated with a combined adjusted Environmental Score of [6.8](https://www.first.org/cvss/calculator/3-1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H) within the Azure VMware Solution. Until the update is fully addressed, customers are advised to exercise additional caution when granting administrative access to guest virtual machines and to actively monitor any administrative activities performed on them. | N/A |
 |[VMSA-2025-0007](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25683) VMware Tools update addresses an insecure file handling vulnerability (CVE-2025-22247). | May 2025 | To remediate CVE-2025-22247, apply version 12.5.2 of VMware Tools, use the Azure VMware Solution Run command ``Set-Tools-Repo.`` | May 2025 |
 | ESXi hosts may experience operational issues if NSX Layer-2 DFW default rule logging is enabled. More information can be obtained in this Knowledge Base article from Broadcom: [ESXi hosts may experience operational issues if L2 DFW default rule logging is enabled.](https://knowledge.broadcom.com/external/article/326455/esxi-hosts-may-experience-operational-is.html) | May 2025 | It is not recommended to enable logging on the default Layer-2 DFW rule in a Production environment for any sustained period of time. If logging must be enabled on an L2 rule, it is advised to create a new L2 rule specific to the traffic flow in question and enable logging on that rule only. Please see [Broadcom Knowledge Base Article 326455.](https://knowledge.broadcom.com/external/article/326455/esxi-hosts-may-experience-operational-is.html).| N/A |
 | With VMware HCX versions 4.10.3 and earlier, attempts to download upgrade bundles or the Connector OVA directly from the HCX Manager UI (port 443) fail due to the decommissioning of the external image depot server. More information can be obtained in this Knowledge Base article from Broadcom: [Upgrade Bundle Download from 443 UI will Fail in All HCX versions prior to 4.11](https://knowledge.broadcom.com/external/article/395372)| April 2025 | We will begin upgrading all Azure VMware Solution customers to HCX 4.11.0 in the coming weeks, this will provide customers with access to the HCX Connector upgrade bundles, which will be stored on their vSAN datastore. Until then, all customers will need to submit a support request (SR) to obtain the required upgrade bundles. | May 2025 |