Recent findings have unveiled two significant security vulnerabilities in Supermicro’s Baseboard Management Controller (BMC) firmware. These flaws could enable attackers to circumvent essential verification processes, allowing the installation of malicious firmware images.
Identified Vulnerabilities:
1. CVE-2025-7937 (CVSS score: 6.6): This vulnerability permits a crafted firmware image to bypass the BMC firmware’s Root of Trust (RoT) 1.0 verification. By redirecting the program to a counterfeit fwmap table located in an unsigned region, attackers can update the system firmware without detection.
2. CVE-2025-6198 (CVSS score: 6.4): Similarly, this flaw allows a crafted firmware image to evade the BMC firmware’s Signing Table verification. By pointing the program to a fake sig_table in an unsigned region, malicious firmware updates can be executed.
Understanding the Firmware Validation Process:
The firmware update validation involves three primary steps:
1. Public Key Retrieval: The system fetches the public key from the BMC’s SPI flash chip.
2. Processing Embedded Tables: The system processes the fwmap or sig_table embedded within the uploaded firmware image.
3. Hash Digest Computation and Verification: A cryptographic hash digest of all signed firmware regions is computed and then verified against the calculated hash digest.
These vulnerabilities exploit weaknesses in the second step, allowing attackers to manipulate the embedded tables and bypass verification.
Background and Discovery:
Firmware security firm Binarly identified these vulnerabilities and reported them to Supermicro. Notably, CVE-2025-7937 serves as a bypass for a previously disclosed vulnerability, CVE-2024-10237, which was identified by NVIDIA and disclosed by Supermicro in January 2025.
CVE-2024-10237 was a logical flaw in the firmware validation process, potentially allowing the BMC’s SPI chip to be reflashed with a malicious image. This could grant attackers complete and persistent control over both the BMC system and the main server operating system.
Further analysis revealed that the fix for CVE-2024-10237 was insufficient. Attackers could insert a custom fwmap table before the original one, which would then be used during the validation process, enabling the execution of custom code within the BMC system.
Implications and Recommendations:
Exploiting CVE-2025-6198 allows attackers to update the BMC system with a specially crafted image, effectively bypassing the BMC’s Root of Trust security feature. This underscores the critical need for robust firmware validation mechanisms.
Supermicro has acknowledged the severity of these vulnerabilities and is actively working on validating affected products. Users are strongly advised to monitor Supermicro’s official channels for firmware updates and apply them promptly.
In the interim, organizations should adhere to industry best practices by operating BMCs on isolated private networks, reducing exposure to potential attacks. Additionally, disabling the Virtual Media function by blocking TCP port 623 can serve as a temporary mitigation measure.
The discovery of these vulnerabilities highlights the ongoing challenges in securing firmware components and the importance of continuous vigilance in cybersecurity practices.
