Unsolved

1 Rookie

 • 

4 Posts

August 12th, 2025 07:47

VxRail Security Update still missing after 28 days / VMSA-2025-0013 CVSS Score > 9

Hi, 

on 15.07.25 Broadcom released some fixes for critical security issues in ESXi. After 28 days there is still no update for VxRail. 
A couple of days ago there was an update showing up in the VxRail plugin in vCenter (8.0.360), but download wasn't possible through vCenter and there was no mention of it nor an update package on the Dell support pages. Shortly after that the update vanished again from the VxRail plugin. 

When will the update be available? This is a major security risk with the possibility to break out of a VM! 

With this kind of support VxRail is not usable in a production environment with sensitive data or critical systems.

I'm referring to these issues:

VMSA-2025-0013: VMware ESXi, Workstation, Fusion, and Tools updates address multiple vulnerabilities (CVE-2025-41236, CVE-2025-41237, CVE-2025-41238, CVE-2025-41239)

kind regards, 

Volker Maibaum

Moderator

 • 

9.3K Posts

August 12th, 2025 14:46

Hi,

 

Thanks for your question.

https://www.dell.com/support/kbdoc/en-us/000343605 covers it

Let us know if you have any additional questions.

1 Rookie

 • 

4 Posts

August 12th, 2025 14:49

@DELL-Josh Cr​ 

Hi Josh, 

I've looked through the article. 

"VxRail Engineering is working on an updated VxRail Software 8.0.3xx release which includes the ESXi build to fix the issue described in VMSA-2025-0013."

Is Dell able to provide an estimated date for the 8.0.3xx release?

Thanks,

Joe

Moderator

 • 

9.3K Posts

August 12th, 2025 15:03

No, we don't give estimates on future updates in case there are delays. 

1 Rookie

 • 

4 Posts

August 12th, 2025 15:18

Hi, 

thanks for your reply. I will then manually patch the ESXi hosts.

I still think it's a bit disappointing that Dell is on the one hand supporting this ESXi release but isn't pushing the ESXi patch via VxRail (without firmware, etc).
We pay a lot of money for VxRail support to have an easy update mechanism and now I have to fall back to a different manual upgrade procedure. 

We are currently discussing what we will do after our maintenance ends. Not having critical fixes in a timely manner and increasing prices are a strong argument for moving away from VxRail....  

Kind regards, 

Volker

1 Rookie

 • 

12 Posts

August 13th, 2025 13:49

1 Rookie

 • 

4 Posts

August 14th, 2025 06:34

Hi,

I just saw the following in the release notes - I hope this way it will be possible to get security fixes faster:

 

Lifecycle Management:

  • Support for directly applying VMware ESXi Express patch acquired from Broadcom for the fastest security responsiveness using VxRail UI or API. The following are the advantages of applying the VMware ESXi Express patch:
    • Bypasses 14-day SimShip dependency
    • A streamlined experience through VxRail Manager that does not require Support assistance. This provides the upgrade control necessary to address VMware ESXi vulnerabilities when Broadcom releases a VMware ESXi Express patch.

1 Rookie

 • 

4 Posts

August 14th, 2025 08:11

Did 8.0.360 get pulled? As it's not available as a download anymore.

1 Rookie

 • 

12 Posts

August 14th, 2025 08:27

I think it was withdrawn because of this KB. 

https://www.dell.com/support/kbdoc/en-us/000356213

We migrated 8.0.360 to our systems yesterday and didn't have this problem, I hope we won't regret it.

1 Rookie

 • 

4 Posts

August 14th, 2025 08:28

@Omer Faruk​ Thanks Omer, hope it gets fixed fast.

1 Rookie

 • 

4 Posts

August 15th, 2025 08:22

@DELL-Josh Cr​ Hi Josh, Do you have any information on why 8.0.360 got pulled and if we can expect it to be republished anytime soon?

1 Rookie

 • 

4 Posts

August 15th, 2025 08:29

Hi, 

I had a support case open because I had an issue uploading the 8.0.360 package to VxRail.

The support told me that the update was accidentally released too early and that the actual release was planned for the 18.08. 

1 Rookie

 • 

2 Posts

August 18th, 2025 19:24

As of August 18, 2025 there still isn't a release...

1 Rookie

 • 

12 Posts

August 18th, 2025 19:55

Hi alan;

CVE details for the new package are given in the Advisories bulletin. I think it should be in the repos in a few hours. We were one of the first to get the package when they released it early. We haven't observed anything abnormal in our cluster, but it still makes me nervous that the package is being withdrawn. Let's see if there will be a change in the release notes.

https://www.dell.com/support/kbdoc/en-us/000358419/dsa-2025-317-security-update-for-dell-vxrail-for-multiple-third-party-component-vulnerabilities

1 Rookie

 • 

4 Posts

August 19th, 2025 06:49

From release notes, I think we can wait a bit more for a repost unfortunately.

"VxRail 8.0.360 has been removed from the online support portal. During VCF testing, an issue was identified in the VxRail 8.0.360 bundle that needed to be resolved for VCF support of this VxRail release."

1 Rookie

 • 

1 Message

August 21st, 2025 06:28

Hey, there is a new version 8.0.361 available. Hopefully it will be ok and not removed again 
