Cybersecurity researchers have disclosed particulars of two safety vulnerabilities impacting Supermicro Baseboard Administration Controller (BMC) firmware that might probably permit attackers to bypass essential verification steps and replace the system with a specifically crafted picture.
The medium-severity vulnerabilities, each of which stem from improper verification of a cryptographic signature, are listed under –
- CVE-2025-7937 (CVSS rating: 6.6) – A crafted firmware picture can bypass the Supermicro BMC firmware verification logic of Root of Belief (RoT) 1.0 to replace the system firmware by redirecting this system to a faux “fwmap” desk within the unsigned area
- CVE-2025-6198 (CVSS rating: 6.4) – A crafted firmware picture can bypass the Supermicro BMC firmware verification logic of the Signing Desk to replace the system firmware by redirecting this system to a faux signing desk (“sig_table”) within the unsigned area
The picture validation course of carried out throughout a firmware replace takes place over three steps: Retrieve the general public key from the BMC SPI flash chip, course of the “fwmap” or “sig_table” desk embedded within the uploaded picture, and compute a cryptographic hash digest of all “signed” firmware areas, and confirm the signature worth in opposition to the calculated hash digest.
Firmware safety firm Binarly, which has been credited with discovering and reporting the 2 shortcomings, stated CVE-2025-7937 is a bypass for CVE-2024-10237, which was disclosed by Supermicro in January 2025. The vulnerability was initially found by NVIDIA, alongside CVE-2024-10238 and CVE-2024-10239.
CVE-2024-10237 is a “logical flaw within the validation strategy of the uploaded firmware, which may in the end consequence within the BMC SPI chip being reflashed with a malicious picture,” Binarly researcher Anton Ivanov stated in a report shared with The Hacker Information. “This safety difficulty may permit potential attackers to realize full and chronic management of each the BMC system and the principle server OS.”
“This vulnerability demonstrated that the validation course of may very well be manipulated by including customized entries to the ‘fwmap’ desk and relocating the unique signed content material of the picture to unreserved firmware house, which ensures that the calculated digest nonetheless matches the signed worth.”
Alternatively, CVE-2024-10238 and CVE-2024-10239 are two stack overflow flaws within the firmware’s picture verification operate, permitting an attacker to execute arbitrary code within the BMC context.
Binarly’s evaluation discovered the repair for CVE-2024-10237 to be inadequate, figuring out a possible assault pathway by which a customized “fwmap” desk might be inserted earlier than the unique one, which is then used in the course of the validation course of. This primarily allows the risk actor to run customized code within the context of the BMC system.
Additional investigation into the implementation of the firmware validation logic within the X13SEM-F motherboard decided a flaw throughout the “auth_bmc_sig” operate that might allow an attacker to load a malicious picture with out modifying the hash digest worth.
“As soon as once more, as all of the areas used for the digest calculation are outlined within the uploaded picture itself (within the ‘sig_table’), it’s doable to change it, together with another components of the picture – for instance, the kernel – and transfer the unique knowledge to unused house within the firmware,” Ivanov stated. “Which means the signed knowledge digest will nonetheless match the unique worth.”
Profitable exploitation of CVE-2025-6198 cannot solely replace the BMC system with a specifically crafted picture, but in addition get across the BMC RoT safety characteristic.
“Beforehand, we reported the invention of the check key on Supermicro units, and their PSIRT doubled down that the {hardware} RoT (Root of Belief) authenticates the important thing and has no influence on this discovery,” Alex Matrosov, CEO and Head of REsearch at Binarly, advised The Hacker Information.
“Nevertheless, new analysis reveals that the earlier assertion from Supermicro will not be correct, and CVE-2025-6198 bypasses the BMC RoT. On this case, any leak of the signing key will influence the complete ecosystem. Reusing the signing key will not be the most effective method, and we advocate not less than rotating the signing keys per product line. Primarily based on earlier incidents like PKfail and the Intel Boot Guard key leakage, the reuse of cryptographic signing keys may trigger an industry-wide influence.”
