Cybersecurity researchers have revealed details of two security vulnerabilities affecting Super Micro Baseboard Management Controller (BMC) firmware that could allow attackers to bypass critical verification steps and update the system with specially created images.
Both list the moderate vulnerabilities that arise from inappropriate verification of cryptographic signatures below –
CVE-2025-7937 (CVSS Score: 6.6) – A crafted firmware image can update the system firmware by bypassing the Root of Trust (ROT) 1.0 logic of Super Micro BMC Firmware Verification Logic and redirecting the program to the “FWMAP” table in the unsigned region. The logic in the SuperMicro BMC firmware verification signature table is for updating the system firmware by redirecting the program to a false signature table (“SIG_TABLE”) in the region that is not signed
The image verification process that is performed during a firmware update takes place in three steps. Get the public key from the BMCSPI flash chip, process the “FWMAP” or “SIG_TABLE” table decorated with the uploaded image, calculate the cryptographic hash digestion for all “signed ‘firmware’ areas, and check the signature value for the rounded hash dim.
CVE-2025-7937 said it was a bypass of CVE-2024-10237, which was disclosed by Supermicro in January 2025.
CVE-2024-10237 “is a logical flaw in the process of verifying uploaded firmware, and ultimately the BMC SPI chip could recur with a malicious image,” Binarly researcher Anton Ivanov said in a report shared with Hacker News. “This security issue will allow potential attackers to gain full and sustained control over both the BMC system and the main server OS.”
“The vulnerability demonstrated that the verification process can be manipulated by adding a custom entry to the ‘FWMAP’ table and relocating the original signed content of the image into an unreserved firmware space.
Meanwhile, CVE-2024-10238 and CVE-2024-10239 are two stack overflow flaws in the image validation function in the firmware, allowing an attacker to execute arbitrary code in the BMC context.
Binarly’s analysis reveals that the CVE-2024-10237 fix is insufficient, identifying potential attack routes that a custom “FWMAP” table can insert before the original table. This allows threat actors to run custom code in the context of a BMC system.
Further investigation into the implementation of firmware verification logic for X13SEM-F motherboards has determined a flaw in the “auth_bmc_sig” function that allows attackers to load malicious images without changing the hash digest value.
“Again, all the area used for the digest calculation is defined in the uploaded image itself (“sig_table”), so you can modify it along with the rest of the image (for example the kernel) and move the original data into unused space in the firmware,” Ivanov said. “This means that the signed data digest matches the original value.”
The successful exploitation of CVE-2025-6198 not only updates the BMC system with specially created images, but also allows you to bypass the BMC ROT security feature.
“Previously, we reported the discovery of test keys on supermicro devices, and its PSIRT doubled that hardware corruption (Trust’s Root) authenticated the key and did not affect this discovery,” Alex Matrosov, CEO and Head of Research at Binarly, told Hacker News.
“However, new research shows that previous statements from Supermicro are not accurate and that CVE-2025-6198 bypass BMC corruption. In this case, all signing key leaks affect the entire ecosystem. Reusing signing keys is not the best approach. In the case of encrypted signing keys, it can cause industry-wide impact.”
Source link
