CyberHappenings

Supermicro BMC Firmware Vulnerabilities Allow Firmware Tampering

1 unique source, 1 article

Summary


Two newly disclosed vulnerabilities in Supermicro Baseboard Management Controller (BMC) firmware, CVE-2025-7937 and CVE-2025-6198, let an attacker bypass the firmware image verification and update the BMC with malicious firmware. Both flaws sit in the verification logic rather than in the cryptography itself: the signature check does not properly verify what it is given and can be redirected to attacker-supplied tables describing the image, so a tampered image passes the check and the Root of Trust (RoT) security feature is evaded. A successful malicious update gives the attacker persistent control over the BMC and, through it, over the main server OS. The issues were discovered by Binarly and affect multiple Supermicro products.
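The following is an added model of the verification-logic pattern the summary describes, not Supermicro's firmware format or code and not Binarly's proof of concept. It assumes a made-up image layout (a header pointing at an in-image region table, a kernel and a rootfs region) and uses HMAC-SHA256 with a constant key as a stand-in for the signature the RoT verifies. The point is not the primitive but what gets hashed: a verifier that takes the list of regions from the image under test can be steered to hash the original signed bytes, parked elsewhere in the image, while the boot path reads a different payload from the fixed offset. The hardened variant signs every byte except the signature field and pins the image size, so no table can change what is authenticated.

```python
"""Added example: a firmware signature check that trusts an in-image region table
(vulnerable pattern), the forgery that abuses it, and the hardened check.
The layout and key are assumptions for illustration only."""
import hashlib
import hmac
import struct

KEY = b"rot-signing-key-stand-in"   # assumption: shared HMAC key models the RoT signing key
MAGIC = b"BMCF"
HDR = struct.Struct("<4sII32s")      # magic | table_offset | table_entries | signature
ENT = struct.Struct("<II")           # region offset | region length
KERNEL_LEN, ROOTFS_LEN = 64, 64
KERNEL_OFF = HDR.size                # fixed layout the boot path relies on
ROOTFS_OFF = KERNEL_OFF + KERNEL_LEN


def _mac(chunks):
    h = hmac.new(KEY, digestmod=hashlib.sha256)
    for c in chunks:
        h.update(c)
    return h.digest()


def _table(regions):
    return b"".join(ENT.pack(off, ln) for off, ln in regions)


def _entries(image, off, count):
    return [ENT.unpack_from(image, off + i * ENT.size) for i in range(count)]


def build_table_signed(kernel, rootfs):
    """Image whose signature covers only the regions listed by the in-image table."""
    body = kernel + rootfs
    regions = [(KERNEL_OFF, len(kernel)), (ROOTFS_OFF, len(rootfs))]
    sig = _mac([kernel, rootfs])
    return HDR.pack(MAGIC, HDR.size + len(body), len(regions), sig) + body + _table(regions)


def verify_trusting_table(image):
    """Vulnerable pattern: the region list is read from the image being verified."""
    magic, table_off, count, sig = HDR.unpack_from(image)
    if magic != MAGIC or table_off + count * ENT.size > len(image):
        return False
    regions = _entries(image, table_off, count)
    return hmac.compare_digest(sig, _mac([image[off:off + ln] for off, ln in regions]))


def forge_image(genuine, malicious_rootfs):
    """Attacker: park the original signed rootfs after the body and point a fake table at
    it, while the payload sits at the offset the boot path actually reads. The original
    signature is reused unchanged."""
    magic, table_off, count, sig = HDR.unpack_from(genuine)
    (k_off, k_len), (r_off, r_len) = _entries(genuine, table_off, count)
    assert len(malicious_rootfs) == r_len
    kernel = genuine[k_off:k_off + k_len]
    original_rootfs = genuine[r_off:r_off + r_len]
    body = kernel + malicious_rootfs + original_rootfs
    parked_off = HDR.size + k_len + r_len
    fake = [(KERNEL_OFF, k_len), (parked_off, r_len)]
    return HDR.pack(magic, HDR.size + len(body), len(fake), sig) + body + _table(fake)


def rootfs_as_booted(image):
    """What the BMC actually runs: the fixed layout, independent of any table."""
    return image[ROOTFS_OFF:ROOTFS_OFF + ROOTFS_LEN]


def build_whole_signed(kernel, rootfs):
    """Hardened image: every byte except the signature field is under the MAC."""
    body = kernel + rootfs
    sig = _mac([HDR.pack(MAGIC, 0, 0, bytes(32)) + body])
    return HDR.pack(MAGIC, 0, 0, sig) + body


def verify_whole_image(image):
    """Hardened check: fixed size (nothing can be parked) and MAC over the whole image."""
    magic, table_off, count, sig = HDR.unpack_from(image)
    if magic != MAGIC or len(image) != HDR.size + KERNEL_LEN + ROOTFS_LEN:
        return False
    zeroed = HDR.pack(magic, table_off, count, bytes(32)) + image[HDR.size:]
    return hmac.compare_digest(sig, _mac([zeroed]))


if __name__ == "__main__":
    # Constructed sample regions, not real firmware content.
    kernel, rootfs, evil = b"K" * KERNEL_LEN, b"R" * ROOTFS_LEN, b"E" * ROOTFS_LEN
    genuine = build_table_signed(kernel, rootfs)
    forged = forge_image(genuine, evil)
    print("table-trusting verifier, genuine:", verify_trusting_table(genuine))
    print("table-trusting verifier, forged: ", verify_trusting_table(forged),
          "boots", rootfs_as_booted(forged)[:4])
    hardened = build_whole_signed(kernel, rootfs)
    tampered = hardened[:ROOTFS_OFF] + evil + hardened[ROOTFS_OFF + ROOTFS_LEN:]
    print("whole-image verifier, genuine:", verify_whole_image(hardened))
    print("whole-image verifier, tampered:", verify_whole_image(tampered))
```

The forged image passes the table-trusting check with the vendor's own signature, yet the bytes at the rootfs offset are the attacker's. The hardened verifier rejects both the tampered image and the oversized forged one, because the set of bytes authenticated is exactly the set of bytes that will be flashed and booted. When reviewing a real updater, that equivalence is the property to check, not merely that a signature is verified somewhere.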

Timeline

  1. 23.09.2025 21:00 · 1 article

    Two New Supermicro BMC Firmware Vulnerabilities Disclosed

    Two new vulnerabilities in Supermicro BMC firmware, CVE-2025-7937 and CVE-2025-6198, have been disclosed. Both let an attacker bypass the firmware verification logic and update the BMC with malicious firmware, potentially gaining persistent control over the BMC and, through it, the main server OS. The flaws were discovered by Binarly and affect multiple Supermicro products. CVE-2025-7937 is a bypass of the fix for CVE-2024-10237, which was disclosed earlier. Both issues exploit weaknesses in the verification logic to evade the Root of Trust (RoT) security feature.


Information Snippets