Supermicro’s BMC Blunders: Firmware Flaw Follies Strike Again!

Supermicro has patched two BMC vulnerabilities, including CVE-2024-10237, that could allow malicious firmware updates. A previously bypassed patch led to a new identifier, CVE-2025-7937, while another flaw, CVE-2025-6198, was also patched. Despite no evidence of active exploits, these vulnerabilities pose significant risks to enterprises.

Hot Take:

Supermicro’s latest firmware patch saga is like a game of cybersecurity whack-a-mole. Just when they thought they patched one hole, another one pops up, proving once again that the Baseboard Management Controller (BMC) is like your grandma’s old couch – full of surprises and possibly a nesting ground for mischief-makers.

Key Points:

– Supermicro has patched two BMC vulnerabilities that could lead to malicious firmware updates.
– One vulnerability stems from a previously bypassed patch, now re-categorized as CVE-2025-7937.
– A second, similar vulnerability identified as CVE-2025-6198 was also patched.
– No evidence of real-world exploitation has been found for these vulnerabilities.
– A successful exploit could give an attacker persistent control over the BMC and, through it, the host operating system.
