Supermicro

Cybersecurity researchers disclosed two medium-severity vulnerabilities (CVE-2025-7937, CVSS 6.6, and CVE-2025-6198, CVSS 6.4) in Supermicro's Baseboard Management Controller (BMC) firmware, both stemming from improper cryptographic signature verification during firmware updates. The flaws allow an attacker with physical or privileged network access to the BMC to bypass the Root of Trust (RoT) 1.0 and Signing Table validation mechanisms and install a malicious firmware image by manipulating the 'fwmap' or 'sig_table' entries that tell the verifier which parts of the image the signature covers. Successful exploitation can give an adversary persistent, full control over the BMC and, through it, the host server's operating system, undermining the integrity of the whole system.

The vulnerabilities build on a prior flaw, CVE-2024-10237, which Supermicro's earlier patch did not fully mitigate: CVE-2025-7937 is a bypass of that fix. Researchers at Binarly showed that an attacker can add custom firmware regions, relocate the genuinely signed content to unused areas of the image, and point a fake table at the relocated copy, so the cryptographic hashes still match and the system accepts the modified update. CVE-2025-6198 goes further and circumvents the BMC's hardware RoT protection, so a leaked signing key could compromise Supermicro's entire product ecosystem. Given the BMC's role in managing servers in data centers, cloud infrastructure, and critical enterprises, exploitation could enable large-scale supply chain attacks, lateral movement, data theft, or sabotage across dependent organizations.

The flaws highlight a systemic risk in firmware security: the reuse of cryptographic signing keys across product lines (compare past incidents such as *PKfail* and the *Intel Boot Guard* key leaks), which would amplify the reach of any single key compromise. No active exploitation has been reported, but the potential for persistent, stealthy compromise of enterprise hardware poses severe operational and reputational risks to Supermicro and its customers.
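The relocation trick described above, as a constructed model and not Supermicro's or Binarly's code: a toy firmware image whose signature covers only the regions listed in a region table (a stand-in for 'fwmap'), while the table itself and the header pointer to it sit outside the signed data. The attacker copies the genuinely signed bytes into free space, writes a fake table that points at the copy, repoints the header, and drops a payload where the real region was; the digest is unchanged, so the weak check accepts. The hardened verifier pins the table to a fixed offset and includes the table bytes in the signed digest. The layout, offsets, the FNV-based keyed hash standing in for an RSA signature, and the key value are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy model of a BMC firmware image with a region table ("fwmap"); written for
 * this page, NOT Supermicro's format or code. Assumed layout: [0..3] u32 offset
 * of the fwmap, [4..11] 64-bit signature, [16..] fwmap of a genuine image, then
 * firmware regions and free space. */
#define IMG_SIZE    4096
#define SIG_OFF     4
#define MAP_OFF     16
#define MAX_REGIONS 4
struct region { uint32_t off, len; };
struct fwmap  { uint32_t count; struct region r[MAX_REGIONS]; };
static const uint64_t SIGNING_KEY = 0x5EC12E7C0FFEEULL;  /* assumed vendor key */
static uint64_t fnv1a(uint64_t h, const uint8_t *p, size_t n) {
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 0x100000001b3ULL; }
    return h;
}
static void     put32(uint8_t *p, uint32_t v) { memcpy(p, &v, 4); }
static uint32_t get32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
static uint64_t get64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }
/* Digest of what the signature protects. cover_map=0 hashes only the regions the
 * fwmap lists (the weak design); cover_map=1 also hashes the fwmap bytes. */
static int digest(const uint8_t *img, uint32_t map_off, int cover_map, uint64_t *out) {
    uint64_t h = 0xcbf29ce484222325ULL;
    struct fwmap m;
    if (map_off > IMG_SIZE - sizeof m) return 0;
    memcpy(&m, img + map_off, sizeof m);
    if (m.count > MAX_REGIONS) return 0;
    if (cover_map) h = fnv1a(h, img + map_off, sizeof m);
    for (uint32_t i = 0; i < m.count; i++) {
        if (m.r[i].off > IMG_SIZE || m.r[i].len > IMG_SIZE - m.r[i].off) return 0;
        h = fnv1a(h, img + m.r[i].off, m.r[i].len);
    }
    *out = h;
    return 1;
}
/* Keyed toy hash standing in for the vendor's RSA signature over the digest. */
static uint64_t toy_sign(uint64_t d) {
    uint8_t buf[16];
    memcpy(buf, &SIGNING_KEY, 8);
    memcpy(buf + 8, &d, 8);
    return fnv1a(0xcbf29ce484222325ULL, buf, 16);
}
/* Vendor side: one 512-byte "kernel" region of constructed content, then sign. */
static void build_image(uint8_t *img, int cover_map) {
    struct fwmap m = { 1, { { 256, 512 } } };
    uint64_t d, s;
    memset(img, 0, IMG_SIZE);
    put32(img, MAP_OFF);
    memcpy(img + MAP_OFF, &m, sizeof m);
    memset(img + 256, 0xA5, 512);
    digest(img, MAP_OFF, cover_map, &d);
    s = toy_sign(d);
    memcpy(img + SIG_OFF, &s, 8);
}
/* Weak verifier: follows the header's map pointer; only listed regions are signed. */
static int verify_weak(const uint8_t *img) {
    uint64_t d;
    if (!digest(img, get32(img), 0, &d)) return 0;
    return toy_sign(d) == get64(img + SIG_OFF);
}
/* Hardened verifier: map pinned to MAP_OFF and its bytes are under the signature. */
static int verify_hardened(const uint8_t *img) {
    uint64_t d;
    if (get32(img) != MAP_OFF) return 0;
    if (!digest(img, MAP_OFF, 1, &d)) return 0;
    return toy_sign(d) == get64(img + SIG_OFF);
}
/* Attacker: copy the signed bytes to free space, plant a fake fwmap pointing at the
 * copy, repoint the header, drop a payload where the real region was. Signature untouched. */
static void tamper(uint8_t *img) {
    struct fwmap fake = { 1, { { 2048, 512 } } };
    memcpy(img + 2048, img + 256, 512);
    memcpy(img + 3072, &fake, sizeof fake);
    put32(img, 3072);
    memset(img + 256, 0xEE, 512);
}
/* 1 if the weak verifier accepts the tampered legacy image (-1: setup failed). */
int weak_accepts_tampered(void) {
    uint8_t img[IMG_SIZE];
    build_image(img, 0);
    if (!verify_weak(img)) return -1;
    tamper(img);
    return verify_weak(img);
}
/* 1 if the hardened verifier rejects the same tampering (-1: setup failed). */
int hardened_rejects_tampered(void) {
    uint8_t img[IMG_SIZE];
    build_image(img, 1);
    if (!verify_hardened(img)) return -1;
    tamper(img);
    return !verify_hardened(img);
}
int main(void) {
    printf("weak accepts tampered: %d, hardened rejects tampered: %d\n",
           weak_accepts_tampered(), hardened_rejects_tampered());
    return 0;
}
```

The hardened check also defeats the variant where the attacker leaves the header pointer alone and overwrites the table at its fixed offset, because those bytes are part of the digest. What this model does not do, and a real verifier must, is require the table to cover every region the BMC will execute or expose, so that an unlisted region cannot hold code the check never looks at.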

Source: https://thehackernews.com/2025/09/two-new-supermicro-bmc-bugs-allow.html

TPRM report: https://www.rankiteo.com/company/supermicro-uk

"id": "sup3490134110725",
"linkid": "supermicro-uk",
"type": "Vulnerability",
"date": "6/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact, including customer data leaks"
{'affected_entities': [{'industry': 'Technology (Server Hardware)',
                        'location': 'San Jose, California, USA',
                        'name': 'Supermicro',
                        'type': 'Hardware Manufacturer'}],
 'attack_vector': ['Local (Physical Access or Privileged Network Access)',
                   'Firmware Manipulation'],
 'customer_advisories': ['Supermicro customers advised to monitor for firmware '
                         'updates and apply patches once available.'],
 'description': 'Cybersecurity researchers disclosed two medium-severity '
                'vulnerabilities (CVE-2025-7937 and CVE-2025-6198) in '
                'Supermicro Baseboard Management Controller (BMC) firmware '
                'that allow attackers to bypass cryptographic signature '
                'verification during firmware updates. The flaws stem from '
                "improper validation of the 'fwmap' and 'sig_table' tables, "
                'enabling attackers to redirect the system to fake tables in '
                'unsigned regions and update the firmware with malicious '
                'images. These vulnerabilities could grant persistent control '
                'over the BMC and main server OS. The issues were discovered '
                'by Binarly, with CVE-2025-7937 identified as a bypass for a '
                'previously patched flaw (CVE-2024-10237).',
 'impact': {'brand_reputation_impact': ['Potential erosion of trust in '
                                        'Supermicro firmware security',
                                        'Risk of industry-wide impact due to '
                                        'signing key reuse'],
            'operational_impact': ['Persistent control of BMC system',
                                   'Persistent control of main server OS',
                                   'Potential for arbitrary code execution in '
                                   'BMC context'],
            'systems_affected': ['Supermicro BMC firmware (Root of Trust 1.0)',
                                 'X13SEM-F motherboard',
                                 'BMC SPI flash chip']},
 'initial_access_broker': {'backdoors_established': ['Persistent control of '
                                                     'BMC system',
                                                     'Persistent control of '
                                                     'main server OS'],
                           'entry_point': ['Physical access to BMC',
                                           'Privileged network access to BMC',
                                           'Crafted firmware image upload'],
                           'high_value_targets': ['BMC SPI flash chip',
                                                  'Firmware validation logic',
                                                  'Root of Trust (RoT) '
                                                  'mechanisms']},
 'investigation_status': 'Ongoing (disclosed by Binarly; Supermicro response '
                         'pending)',
 'lessons_learned': ['Insufficient fixes for previously patched '
                     'vulnerabilities can reintroduce risks (e.g., '
                     'CVE-2025-7937 bypassing CVE-2024-10237).',
                     'Reuse of cryptographic signing keys across product lines '
                     'poses industry-wide risks (e.g., potential impact from '
                     'key leaks).',
                     'Firmware validation logic must account for manipulation '
                     "of embedded tables (e.g., 'fwmap', 'sig_table') in "
                     'unsigned regions.',
                     'Hardware Root of Trust (RoT) implementations require '
                     'rigorous testing to prevent bypass techniques.'],
 'post_incident_analysis': {'corrective_actions': ['Develop and deploy patches '
                                                   'for CVE-2025-7937 and '
                                                   'CVE-2025-6198.',
                                                   'Reevaluate and strengthen '
                                                   'firmware validation logic '
                                                   'to prevent table '
                                                   'manipulation.',
                                                   'Implement signing key '
                                                   'rotation policies to '
                                                   'mitigate risks from key '
                                                   'leaks.',
                                                   'Conduct red-team exercises '
                                                   'to test BMC firmware '
                                                   'update processes for '
                                                   'bypass vulnerabilities.'],
                            'root_causes': ['Improper verification of '
                                            'cryptographic signatures in '
                                            'firmware validation logic.',
                                            'Insufficient fixes for previously '
                                            'disclosed vulnerabilities (e.g., '
                                            'CVE-2024-10237).',
                                            'Manipulable embedded tables '
                                            "('fwmap', 'sig_table') in "
                                            'unsigned firmware regions.',
                                            'Over-reliance on static signing '
                                            'keys without rotation per product '
                                            'line.']},
 'recommendations': ['Rotate signing keys per product line to mitigate risks '
                     'from key leaks (e.g., lessons from PKfail and Intel Boot '
                     'Guard incidents).',
                     'Enhance firmware validation processes to prevent '
                     "manipulation of embedded tables (e.g., 'fwmap', "
                     "'sig_table').",
                     'Conduct thorough security audits of firmware update '
                     'mechanisms, including validation logic and cryptographic '
                     'checks.',
                     'Implement defense-in-depth strategies for BMC security, '
                     'such as additional integrity checks and runtime '
                     'monitoring.',
                     'Collaborate with third-party researchers (e.g., Binarly) '
                     'for independent validation of firmware security fixes.'],
 'references': [{'source': 'The Hacker News'},
                {'source': 'Binarly Research Report'},
                {'source': 'Supermicro Security Advisory (CVE-2024-10237, '
                           'CVE-2024-10238, CVE-2024-10239)'}],
 'response': {'remediation_measures': ['Firmware patches (status unclear)',
                                       'Recommendation to rotate signing keys '
                                       'per product line'],
              'third_party_assistance': ['Binarly (discovery and reporting)',
                                         'NVIDIA (initial discovery of related '
                                         'vulnerabilities)']},
 'title': 'Supermicro BMC Firmware Verification Bypass Vulnerabilities '
          '(CVE-2025-7937, CVE-2025-6198)',
 'type': ['Vulnerability Disclosure',
          'Firmware Exploitation',
          'Cryptographic Bypass'],
 'vulnerability_exploited': [{'affected_component': 'BMC SPI flash chip '
                                                    'validation process',
                              'cve_id': 'CVE-2025-7937',
                              'cvss_score': 6.6,
                              'description': 'Bypass of Supermicro BMC '
                                             'firmware verification logic '
                                             '(Root of Trust 1.0) via a fake '
                                             "'fwmap' table in the unsigned "
                                             'region of a crafted firmware '
                                             'image.',
                              'severity': 'Medium'},
                             {'affected_component': 'auth_bmc_sig function in '
                                                    'firmware validation logic',
                              'cve_id': 'CVE-2025-6198',
                              'cvss_score': 6.4,
                              'description': 'Bypass of Supermicro BMC '
                                             'firmware verification logic '
                                             '(Signing Table) via a fake '
                                             "'sig_table' in the unsigned "
                                             'region of a crafted firmware '
                                             'image, circumventing the BMC '
                                             'Root of Trust (RoT) security '
                                             'feature.',
                              'severity': 'Medium'},
                             {'affected_component': 'BMC firmware validation '
                                                    'process',
                              'cve_id': 'CVE-2024-10237',
                              'description': 'Logical flaw in firmware '
                                             'validation allowing BMC SPI chip '
                                             'reflashing with a malicious '
                                             'image (originally discovered by '
                                             'NVIDIA).'},
                             {'affected_component': 'Firmware image '
                                                    'verification function',
                              'cve_id': 'CVE-2024-10238',
                              'description': 'Stack overflow in firmware image '
                                             'verification function, enabling '
                                             'arbitrary code execution in BMC '
                                             'context.'},
                             {'affected_component': 'Firmware image '
                                                    'verification function',
                              'cve_id': 'CVE-2024-10239',
                              'description': 'Stack overflow in firmware image '
                                             'verification function, enabling '
                                             'arbitrary code execution in BMC '
                                             'context.'}]}