September 23, 2025 By Ravie Lakshmanan
Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update the system with a specially crafted image.
The medium-severity vulnerabilities, both of which stem from improper verification of a cryptographic signature, are listed below -
- CVE-2025-7937 (CVSS score: 6.6) - A crafted firmware image can bypass the Supermicro BMC firmware verification logic of Root of Trust (RoT) 1.0 to update the system firmware by redirecting the program to a fake "fwmap" table in the unsigned region
- CVE-2025-6198 (CVSS score: 6.4) - A crafted firmware image can bypass the Supermicro BMC firmware verification logic of the Signing Table to update the system firmware by redirecting the program to a fake signing table ("sig_table") in the unsigned region
The image validation process carried out during a firmware update takes place over three steps: Retrieve the public key from the BMC SPI flash chip, process the "fwmap" or "sig_table" table embedded in the uploaded image, and compute a cryptographic hash digest of all "signed" firmware regions, and verify the signature value against the calculated hash digest.
Firmware security company Binarly, which has been credited with discovering and reporting the two shortcomings, said CVE-2025-7937 is a bypass for CVE-2024-10237, which was disclosed by Supermicro in January 2025. The vulnerability was originally discovered by NVIDIA, alongside CVE-2024-10238 and CVE-2024-10239.
