Supermicro Security Slip-Up: Firmware Flaws Leave BMC Vulnerable to Hacker Shenanigans

Two security vulnerabilities in Supermicro Baseboard Management Controller firmware have been revealed, enabling attackers to bypass crucial verification steps with a specially crafted image. These vulnerabilities, CVE-2025-7937 and CVE-2025-6198, stem from improper cryptographic signature verification, potentially allowing for unauthorized firmware updates and leading to complete control over the system.


Hot Take:

Who knew that “Root of Trust” was more like “Root of Rust”? Supermicro’s BMC firmware is about as secure as a screen door on a submarine, and hackers are diving right in! It’s time for Supermicro to Superfix their vulnerabilities before their systems become the next cyber colander.

Key Points:

– Two medium-severity vulnerabilities (CVE-2025-7937 and CVE-2025-6198) found in Supermicro’s BMC firmware.
– Both vulnerabilities involve bypassing cryptographic signature verification, allowing unauthorized firmware updates.
– CVE-2025-7937 is a bypass for a previously disclosed vulnerability, CVE-2024-10237.
– Successful exploitation can grant attackers persistent control over the BMC and potentially over the main server OS.
– Research suggests Supermicro’s Root of Trust is not as secure as previously claimed.
