Use the update command rather than install . The update command preserves existing newer drivers, whereas install overwrites the image completely.
Use the vSphere Client to upload the .zip file to a datastore accessible by the host. Enter Maintenance Mode: esxcli system maintenanceMode set --enable true Use code with caution. Copied to clipboard
For instance, in July 2025, Broadcom released , which detailed a series of critical flaws in ESXi 7.x and 8.x. Among the vulnerabilities patched were a heap-overflow in the PVSCSI controller (CVE-2025-41238) and an integer-overflow in the VMXNET3 virtual network adapter (CVE-2025-41236) , both of which could lead to remote code execution or an out-of-bounds write, significantly compromising the hypervisor.
Patches are supported provided they do not cross a VMware ESXi "update" release (for 8.0 and older) or a VMware ESXi "minor" release (for 9.0 and newer), nor install drivers that conflict with the HPE software release. Updated HPE Add-Ons and SPPs are not required to update the VMware base image. If VMware releases a patch, the patch can be installed directly without any changes to the HPE Add-On and SPP, provided the conditions above are met. This is considered supported even if the patch is not listed in the tables of HPE Recommended vLCM Desired Image Definitions for ProLiant. hpe custom image for esxi patched
Select the desired base ESXi version (e.g., ESXi 8.0 Update 2 patched).
Check that critical storage and network drivers were not reverted to generic versions. esxcli software vib list | grep -i hpe Use code with caution.
Use the update command (which preserves existing drivers) rather than install (which overwrites them). Use the update command rather than install
Import the latest HPE Custom Image ISO or the HPE Vendor Addon ZIP package into the vLCM depot. Edit the cluster's image definition.
By 03:30 UTC, all five hosts in the cluster were patched. The USB arbitrator vulnerability was closed. Sasha checked the critical metrics:
If you already use a custom image, it is recommended to upgrade ESXi using the custom image only. This practice will preserve the additional VIBs/drivers added by HPE. If you have vCenter Server in place, and assuming you have more than a single host, you can update/upgrade ESXi using the single image-based update method per cluster. Patches are supported provided they do not cross
Navigating HPE Custom Images for ESXi: Deploying, Patching, and Version Control
The progress bar crawled. In his mind, he saw the layers merging: the rock-solid VMware kernel meeting the surgical precision of HPE’s Smart Array drivers. It was a custom-stitched suit for a giant. The screen flashed green. Compliant.