Two New Supermicro BMC Bugs Allow Malicious Firmware to Evade Root of Trust Security

Posted on September 23, 2025 By CWS

Sep 23, 2025Ravie LakshmananFirmware Safety / Vulnerability
Cybersecurity researchers have disclosed particulars of two safety vulnerabilities impacting Supermicro Baseboard Administration Controller (BMC) firmware that might doubtlessly permit attackers to bypass essential verification steps and replace the system with a specifically crafted picture.
The medium-severity vulnerabilities, each of which stem from improper verification of a cryptographic signature, are listed beneath –

CVE-2025-7937 (CVSS score: 6.6) – A crafted firmware image can bypass the Supermicro BMC firmware verification logic of Root of Trust (RoT) 1.0 to update the system firmware by redirecting the program to a fake "fwmap" table in the unsigned region
CVE-2025-6198 (CVSS score: 6.4) – A crafted firmware image can bypass the Supermicro BMC firmware verification logic of the Signing Table to update the system firmware by redirecting the program to a fake signing table ("sig_table") in the unsigned region

The image validation process carried out during a firmware update takes place over three steps: retrieve the public key from the BMC SPI flash chip; process the "fwmap" or "sig_table" table embedded in the uploaded image and compute a cryptographic hash digest of all "signed" firmware regions; and verify the signature value against the calculated hash digest.
Firmware security company Binarly, which has been credited with discovering and reporting the two shortcomings, said CVE-2025-7937 is a bypass for CVE-2024-10237, which was disclosed by Supermicro in January 2025. The vulnerability was originally discovered by NVIDIA, alongside CVE-2024-10238 and CVE-2024-10239.
CVE-2024-10237 is a "logical flaw in the validation process of the uploaded firmware, which could ultimately result in the BMC SPI chip being reflashed with a malicious image," Binarly researcher Anton Ivanov said in a report shared with The Hacker News. "This security issue could allow potential attackers to gain full and persistent control of both the BMC system and the main server OS."

"This vulnerability demonstrated that the validation process could be manipulated by adding custom entries to the 'fwmap' table and relocating the original signed content of the image to unreserved firmware space, which ensures that the calculated digest still matches the signed value."
On the other hand, CVE-2024-10238 and CVE-2024-10239 are two stack overflow flaws in the firmware's image verification function, allowing an attacker to execute arbitrary code in the BMC context.
Binarly's analysis found the fix for CVE-2024-10237 to be insufficient, identifying a potential attack pathway by which a custom "fwmap" table can be inserted before the original one, which is then used during the validation process. This essentially enables the threat actor to run custom code in the context of the BMC system.

Further investigation into the implementation of the firmware validation logic in the X13SEM-F motherboard determined a flaw within the "auth_bmc_sig" function that could enable an attacker to load a malicious image without modifying the hash digest value.
"Once again, as all the regions used for the digest calculation are defined in the uploaded image itself (in the 'sig_table'), it's possible to modify it, along with any other parts of the image – for example, the kernel – and move the original data to unused space in the firmware," Ivanov said. "This means that the signed data digest will still match the original value."
Successful exploitation of CVE-2025-6198 can not only update the BMC system with a specially crafted image, but also get around the BMC RoT security feature.
"Previously, we reported the discovery of the test key on Supermicro devices, and their PSIRT doubled down that the hardware RoT (Root of Trust) authenticates the key and has no impact on this discovery," Alex Matrosov, CEO and Head of Research at Binarly, told The Hacker News.
"However, new research shows that the previous statement from Supermicro is not accurate, and CVE-2025-6198 bypasses the BMC RoT. In this case, any leak of the signing key will impact the entire ecosystem. Reusing the signing key is not the best approach, and we recommend at least rotating the signing keys per product line. Based on previous incidents like PKfail and the Intel Boot Guard key leakage, the reuse of cryptographic signing keys could cause an industry-wide impact."
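The weakness in the three-step validation flow described above is that the region table driving the digest lives in the unsigned part of the image. The following added example (not Binarly's or Supermicro's code; it uses a constructed toy image layout and HMAC-SHA256 as a stand-in for the real signature) contrasts a verifier that trusts the in-image table with one that covers the table bytes with the signature, and shows that relocating signed content only passes the first:

```python
import hashlib
import hmac
import struct

# Toy image layout (an assumption for this demo, not Supermicro's format):
# bytes 0..63 hold a region table, a u32 count followed by (offset, length)
# u32 pairs; the firmware payload follows. Only listed regions are hashed.
SIGNING_KEY = b"constructed-toy-key"  # stand-in for the vendor signing key
KERNEL_OFF, KERNEL_LEN, FREE_OFF = 64, 32, 96


def pack_table(regions):
    return struct.pack("<I", len(regions)) + b"".join(
        struct.pack("<II", off, length) for off, length in regions)


def parse_table(image, table_off=0):
    (count,) = struct.unpack_from("<I", image, table_off)
    return [struct.unpack_from("<II", image, table_off + 4 + 8 * i)
            for i in range(count)]


def sign(image, regions):
    # SHA-256 over the listed regions, then an HMAC standing in for RSA.
    h = hashlib.sha256()
    for off, length in regions:
        h.update(image[off:off + length])
    return hmac.new(SIGNING_KEY, h.digest(), hashlib.sha256).digest()


def verify_unsigned_table(image, sig):
    """Vulnerable pattern: the region list comes from the unsigned image."""
    return hmac.compare_digest(sign(image, parse_table(image)), sig)


def verify_signed_table(image, sig):
    """Hardened: the table bytes are part of the digest, so any edit to
    the region list (including pointing at relocated data) breaks it."""
    regions = parse_table(image)
    return hmac.compare_digest(sign(image, [(0, 4 + 8 * len(regions))] + regions), sig)


def demo():
    kernel = b"K" * KERNEL_LEN
    regions = [(KERNEL_OFF, KERNEL_LEN)]
    image = pack_table(regions).ljust(KERNEL_OFF, b"\0") + kernel + b"\0" * 64
    sig_weak = sign(image, regions)                   # signs only the kernel
    sig_hard = sign(image, [(0, 12)] + regions)       # also signs the table
    # Constructed tampering in the toy format: move the signed bytes to
    # free space, put different bytes in the kernel slot, repoint the table.
    t = bytearray(image)
    t[FREE_OFF:FREE_OFF + KERNEL_LEN] = kernel
    t[KERNEL_OFF:KERNEL_OFF + KERNEL_LEN] = b"M" * KERNEL_LEN
    t[0:12] = pack_table([(FREE_OFF, KERNEL_LEN)])
    return {"clean_weak": verify_unsigned_table(image, sig_weak),
            "clean_hard": verify_signed_table(image, sig_hard),
            "tampered_weak": verify_unsigned_table(t, sig_weak),
            "tampered_hard": verify_signed_table(t, sig_hard)}
```

Both verifiers accept the untouched image; only the hardened one rejects the relocated image, which is the property a fixed or signed region map provides.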
