Supermicro has patched two BMC vulnerabilities that can be exploited to perform malicious firmware updates on impacted devices.
According to firmware security company Binarly, one of these security holes is the result of a previously issued patch being bypassed.
The BMC (Baseboard Management Controller), a specialized chip typically present on the motherboard of servers and high-end computers, provides out-of-band management capabilities that allow administrators to remotely monitor and manage the device, even if the operating system is down or the power is off.
Supermicro informed customers in January that a researcher from Nvidia had discovered several BMC firmware vulnerabilities, including CVE-2024-10237, an image authentication issue that could allow an attacker to conduct malicious firmware updates.
“An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process,” Supermicro explained.
A malicious firmware update would enable the attacker to gain complete and persistent control of the BMC and the operating system.
Binarly analyzed CVE-2024-10237 and discovered that the patch released by Supermicro could be bypassed. As a result, the vendor assigned a new CVE identifier, CVE-2025-7937, and this month made another attempt to patch it.
During its investigation, Binarly also found another similar vulnerability, which has been assigned the CVE identifier CVE-2025-6198.
The cybersecurity firm warned that CVE-2025-6198 can be exploited not only to deploy a malicious firmware image, but also to bypass the Root of Trust (RoT) security feature, which ensures the integrity and authenticity of the BMC firmware.
Supermicro has patched this vulnerability as well with its latest updates, and noted that there is no evidence of in-the-wild exploitation for either of the flaws.
“These findings matter because they show how fragile firmware validation can be, even with supposed hardware-backed security,” Alex Matrosov, CEO and head of research at Binarly, told SecurityWeek.
“Keep in mind, successful exploits for these vulnerabilities give attackers persistent code execution at the BMC level and control of both the Base Management Controller and the main OS. This presents significant risk to enterprise organizations,” Matrosov added.
Binarly has published a video showing the exploit in action.
The exploitation of BMC vulnerabilities in malicious attacks is not unheard of. CISA warned recently that an AMI BMC flaw allowing attackers to take control of the target machine has been exploited in attacks.