New Supermicro BMC Flaws Enable Malicious Firmware to Bypass Root of Trust Security


Security Vulnerabilities Found in Supermicro BMC Firmware

Overview of the Issue

Recent findings by cybersecurity researchers have highlighted two significant vulnerabilities in the firmware used by Supermicro’s Baseboard Management Controller (BMC). These flaws pose a risk by enabling potential attackers to bypass essential verification processes and introduce malicious firmware updates into the system. The vulnerabilities are classified as medium severity and stem from improper verification of cryptographic signatures.

Details of the Vulnerabilities

The vulnerabilities identified are as follows:

  • CVE-2025-7937: This issue has a Common Vulnerability Scoring System (CVSS) score of 6.6. It allows attackers to craft a firmware image that can evade the BMC’s verification logic for Root of Trust (RoT) 1.0. By redirecting the program to a counterfeit "fwmap" table in the system’s unsigned region, attackers can successfully update the system firmware.

  • CVE-2025-6198: Rated slightly lower with a CVSS score of 6.4, this vulnerability similarly allows crafted firmware images to circumvent the BMC’s verification logic related to the Signing Table. By redirecting the program to a fraudulent signing table ("sig_table") in the unsigned region, attackers achieve a similar outcome—updating the system firmware.

Firmware Validation Process

The BMC firmware update validation process occurs through three critical steps:

  1. Retrieving the public key from the BMC’s SPI flash chip.
  2. Processing the "fwmap" or "sig_table" embedded within the uploaded image.
  3. Computing a cryptographic hash digest of all signed firmware regions and verifying the signature against the calculated hash digest.

Background on the Vulnerabilities

The security firm Binarly, which discovered and reported these weaknesses, indicates that CVE-2025-7937 acts as a bypass for a previously disclosed vulnerability, CVE-2024-10237. This earlier vulnerability was brought to light by Supermicro in January 2025 and was first identified by NVIDIA. It reflects a logical flaw in the firmware validation process that could allow a malicious image to reflash the BMC SPI chip.

According to Anton Ivanov, a researcher at Binarly, "This security issue could allow potential attackers to gain complete and persistent control of both the BMC system and the main server operating system." At its core, the vulnerability lets the validation process be manipulated by adding custom entries to the "fwmap" table and relocating the original signed content to an unallocated firmware space, so that the calculated digest still matches the signed value.
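The three-step validation process above and the relocation trick Ivanov describes can be modelled in a few lines. The following is an added illustration, not Supermicro's or Binarly's code: a toy image whose region table sits at the head of the image, a weak verifier that hashes whatever regions that untrusted table lists, and a hardened verifier that folds the table itself into the signed digest. HMAC-SHA256 stands in for the asymmetric signature a real BMC checks against the public key in SPI flash; the key, layout and firmware bytes are constructed for the demo.

```python
import hashlib
import hmac
import struct

SIGNING_KEY = b"demo-key-not-real"      # constructed stand-in for the vendor key
ENTRY = struct.Struct("<II")            # one table entry: (offset, length) of a signed region
TABLE_SIZE = 2 + ENTRY.size             # u16 entry count + a single entry in this demo layout

def pack_table(entries):
    """Serialise the region table: u16 count, then (u32 offset, u32 length) per region."""
    return struct.pack("<H", len(entries)) + b"".join(ENTRY.pack(*e) for e in entries)

def parse_table(image):
    """Read the region table from the head of the uploaded image (attacker-controlled bytes)."""
    (count,) = struct.unpack_from("<H", image, 0)
    return [ENTRY.unpack_from(image, 2 + i * ENTRY.size) for i in range(count)]

def digest_regions(image, entries, include_table):
    """Step 3 of the process: hash the listed regions. The hardened variant also hashes the table."""
    h = hashlib.sha256()
    if include_table:
        h.update(pack_table(entries))   # table bytes are now part of the signed data
    for offset, length in entries:
        h.update(image[offset:offset + length])
    return h.digest()

def sign(image, include_table):
    digest = digest_regions(image, parse_table(image), include_table)
    return hmac.new(SIGNING_KEY, digest, "sha256").digest()

def verify(image, signature, include_table):
    digest = digest_regions(image, parse_table(image), include_table)
    return hmac.compare_digest(hmac.new(SIGNING_KEY, digest, "sha256").digest(), signature)

def demo():
    firmware = b"GENUINE-BMC-CODE" * 4                 # constructed 64-byte signed region
    legit = pack_table([(TABLE_SIZE, len(firmware))]) + firmware + b"\xff" * 64
    sig_weak = sign(legit, include_table=False)        # vendor signature, weak scheme
    sig_strong = sign(legit, include_table=True)       # vendor signature, hardened scheme
    # Modified image as the article describes: the table entry now points at a copy of the
    # genuine bytes parked in the unallocated space, while the bytes at the original
    # location (the ones the BMC will actually run) are replaced.
    relocated = TABLE_SIZE + len(firmware)
    modified = pack_table([(relocated, len(firmware))]) + b"X" * len(firmware) + firmware
    return {
        "weak_accepts_legit": verify(legit, sig_weak, False),
        "weak_accepts_modified": verify(modified, sig_weak, False),
        "strong_accepts_legit": verify(legit, sig_strong, True),
        "strong_accepts_modified": verify(modified, sig_strong, True),
    }
```

The weak verifier accepts the modified image with the vendor's own signature because it hashes exactly the bytes the attacker's table points to; once the table is inside the signed digest, any change to it invalidates the signature. A production fix should additionally pin the table location and require the signed regions to cover every executable area, rather than trusting the image to say what is signed.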

Further Vulnerabilities

In addition to the two main vulnerabilities, Binarly also identified CVE-2024-10238 and CVE-2024-10239, both of which involve stack overflow flaws in the firmware’s image verification function. These flaws enable attackers to execute arbitrary code in the context of the BMC, further complicating the security landscape.

Analysis and Implications

Binarly’s in-depth analysis found that the fix for CVE-2024-10237 was inadequate. They pinpointed a pathway allowing attackers to insert a custom "fwmap" table before the legitimate entry, effectively enabling unauthorized code execution within the BMC system’s context.

A closer look at the firmware validation logic within the X13SEM-F motherboard revealed additional weak points. Specifically, an issue within the “auth_bmc_sig” function could permit the loading of a malicious image without altering the hash digest values. "All regions for the digest calculation are defined in the uploaded image itself (in the ‘sig_table’), which means an attacker can modify it—along with other parts of the image—and still maintain a matching signed data digest," explained Ivanov.

The Impact of Successful Exploitation

The successful exploitation of CVE-2025-6198 not only permits the BMC system to be updated with a crafted image but also undermines the BMC’s RoT security feature. Effective exploitation of these vulnerabilities, particularly those tied to the signing process, could lead to severe security consequences.

Alex Matrosov, CEO of Binarly, underscored the seriousness of these vulnerabilities, noting that while Supermicro’s previous assurances claimed that hardware RoT would counteract this issue, new research indicates otherwise. "CVE-2025-6198 bypasses the BMC RoT," Matrosov stated. He further cautioned against the reuse of signing keys across products, referencing past incidents like the Intel Boot Guard key leak. He advocates for the rotation of signing keys to mitigate the risks inherent in key reuse.

Conclusion

The vulnerabilities identified within Supermicro’s BMC firmware represent a critical security concern. As organizations increasingly rely on secure firmware updates for operational integrity, these findings highlight the need for stringent validation processes and robust security protocols to protect against potential exploits.
