Merge pull request #299318 from rvandenbedem/patch-27

prmerger-automator[bot] · web-flow · commit 8182baec7888 · 2025-05-05T11:57:56.000Z
Update azure-vmware-solution-known-issues.md
diff --git a/articles/azure-vmware/azure-vmware-solution-known-issues.md b/articles/azure-vmware/azure-vmware-solution-known-issues.md
@@ -4,7 +4,7 @@ description: This article provides details about the known issues of Azure VMwar
 ms.topic: reference
 ms.custom: "engagement-fy23"
 ms.service: azure-vmware
-ms.date: 4/19/2025
+ms.date: 5/5/2025
 ---
 
 # Known issues: Azure VMware Solution
@@ -15,7 +15,7 @@ Refer to the table to find details about resolution dates or possible workaround
 
 |Issue | Date discovered | Workaround | Date resolved |
 | :------------------------------------- | :------------ | :------------- | :------------- |
-|[VMSA-2025-0005](https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsupport.broadcom.com%2Fweb%2Fecx%2Fsupport-content-notification%2F-%2Fexternal%2Fcontent%2FSecurityAdvisories%2F0%2F25518&data=05%7C02%7Cjacobjaygbay%40microsoft.com%7C63a10c374bad4e1e21ca08dd88002ad4%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C638816256483262655%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=U4GruR4roReR8NNKCd8vT%2BqP5117ROHVHU9hikBWH8w%3D&reserved=0) VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230). | April 2025 |To remediate CVE-2025-22230, apply version 12.5.1 of VMware Tools, use the RUN Command ``Set-Tools-Repo.`` | May 2025 |
+|[VMSA-2025-0005](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518) VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230). | April 2025 | To remediate CVE-2025-22230, apply version 12.5.1 of VMware Tools, use the Azure VMware Solution Run command ``Set-Tools-Repo.`` | May 2025 |
 | If you're a user of AV64, you may notice a “Status of other hardware objects” alarm on your hosts in vCenter Server. This alarm doesn't indicate a hardware issue. It's triggered when the System Event Log (SEL) reaches its capacity threshold according to vCenter Server. Despite the alarm, the host remains healthy with no hardware-related error signatures detected, and no high availability (HA) events are expected as a result. It's safe to continue operating your private cloud without interruption. The alarm has only two possible states—green and red—with no intermediate warning state. Once the status changes to red, it will remain red even if conditions improve to what would typically qualify as a warning. | April 2025 | This alarm should be treated as a warning and won't affect operability of your private cloud. Microsoft adjusts thresholds for the alarm, so it doesn't alert in vCenter Server. | May 2025 |
 | After deploying an AV48 private cloud, you may see a High pNIC error rate detected. Check the host's vSAN performance view for details if alert is active in the vSphere Client.  | April 2025  | The alert should be considered an informational message, since Microsoft manages the service. Select the **Reset to Green** link to clear it. | April 2025 |
 | [VMSA-2025-0004](https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390) VMCI Heap-overflow, ESXi arbitrary write, and Information disclosure vulnerabilities | March 2025 | Microsoft has verified the applicability of the vulnerabilities within the Azure VMware Solution service and have adjudicated the vulnerabilities at a combined adjusted Environmental Score of [9.4](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/MAC:L/MPR:N/MUI:N/MS:C/MC:H/MI:H/MA:H). Customers are advised to take additional precautions when granting administrative access to, and monitor any administrative activities on, guest VMs until the update is fully addressed. For additional information on the vulnerability and Microsoft’s involvement, please see [this blog post](https://techcommunity.microsoft.com/blog/azuremigrationblog/azure-vmware-solution-broadcom-vmsa-2025-0004-remediation/4388074). (CVE-2025-22224, CVE-2025-22225, CVE-2025-22226) | March 2025 - Resolved in [ESXi 8.0_U2d](https://techdocs.broadcom.com/us/en/vmware-cis/vsphere/vsphere/8-0/release-notes/esxi-update-and-patch-release-notes/vsphere-esxi-80u2d-release-notes.html) |
