Security Scan identifies IX appliance as running ESX build 24416880

Article ID: 416845

Updated On:

Products

VMware HCX

Issue/Introduction

 

  • Customer has configured HCX with or without Mobility Agents in their environment.
  • Security scans run to test for datacenter vulnerabilities flag the Mobility Agents as running ESX build 24416880.
  • The CVE mentioned in the scanner report is similar to the following:
    • The version of VMware ESXi installed on the remote host is 7.0.x prior to 7.0 Update 3v or 8.0.x prior to 8.0 Update 3e. It is, therefore, affected by multiple vulnerabilities as referenced in the VMSA-2025-0010 advisory.

 

 

Environment

HCX 4.11.x

Cause

 

  • The IX appliance reports ESX build number 24416880 for migrations that require the Mobility Agent to be deployed.
  • This is considered a false positive: this particular build exists solely so that the HCX Mobility Agent can act as an ESX proxy, and an ESXi host could never be deployed or upgraded to this build.
  • The services flagged by the security scanner do not actually exist on the IX appliance, as they would if it were a real ESXi host rather than a proxy.

 

 

Resolution

  1. File an exception for the IX appliances, because the finding is a false positive.

    OR

  2. Open a ticket with Broadcom for a temporary fix. The fix only lasts until the next migration is kicked off. There is no permanent workaround.
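
The following is an added example, not part of the Broadcom article: a triage script that sorts VMSA-2025-0010 findings from a scanner export so that only known IX appliances reporting build 24416880 go onto the exception list. The CSV column names, the sample rows, the addresses and the IX inventory are constructed assumptions.

```python
import csv
import io
import re

PROXY_BUILD = "24416880"     # proxy build number from this article
ADVISORY = "VMSA-2025-0010"  # advisory named in the scanner finding

# Hypothetical inventory of IX appliance addresses (documentation range).
IX_INVENTORY = {"192.0.2.21", "192.0.2.22"}

# Constructed scanner export; column names and build 11111111 are made up.
SAMPLE_CSV = """host,plugin_output
192.0.2.21,"ESXi build 24416880 detected. Affected per VMSA-2025-0010."
192.0.2.22,"ESXi build: 24416880 detected. Affected per VMSA-2025-0010."
192.0.2.40,"ESXi build 24416880 detected. Affected per VMSA-2025-0010."
192.0.2.10,"ESXi build 11111111 detected. Affected per VMSA-2025-0010."
192.0.2.11,"Unrelated finding: SSH banner disclosure."
"""

BUILD_RE = re.compile(r"\bbuild[:\s-]*(\d{6,})", re.IGNORECASE)


def triage(csv_text, ix_inventory):
    """Split advisory findings into exception / investigate / remediate."""
    result = {"exception": [], "investigate": [], "remediate": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        text = row["plugin_output"]
        if ADVISORY not in text:
            continue  # unrelated finding, handled by the normal workflow
        match = BUILD_RE.search(text)
        build = match.group(1) if match else None
        host = row["host"]
        if build == PROXY_BUILD and host in ix_inventory:
            # Known IX appliance reporting the proxy build: false positive.
            result["exception"].append(host)
        elif build == PROXY_BUILD:
            # Proxy build from a host not in inventory: confirm it is an
            # IX appliance before filing an exception.
            result["investigate"].append(host)
        else:
            # Any other build is a real ESXi finding to remediate.
            result["remediate"].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_CSV, IX_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Matching on the build number alone would also suppress findings for any unknown host that reports it, which is why the script cross-checks the inventory before recommending an exception.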