Two new Supermicro BMC firmware bugs have been disclosed that allow attackers to bypass essential security mechanisms and install malicious firmware on affected systems. The vulnerabilities, which affect Supermicro’s Baseboard Management Controller (BMC) firmware, weaken critical verification steps used to secure the firmware update process.
Cybersecurity firm Binarly, which discovered and reported the vulnerabilities, explained that these flaws occur due to improper verification of cryptographic signatures during firmware updates. The two flaws are listed as:
- CVE-2025-7937 (CVSS score: 6.6): Allows attackers to bypass BMC firmware verification by redirecting the program to a fake “fwmap” table in the unsigned region.
- CVE-2025-6198 (CVSS score: 6.4): Enables attackers to bypass the signing table verification process by redirecting to a fake signing table (“sig_table”) in the unsigned region.
How the vulnerabilities work
Firmware updates on Supermicro BMC systems involve three steps:
- Retrieving the public key from the BMC SPI flash chip.
- Processing the “fwmap” or “sig_table” table embedded in the uploaded image.
- Computing a cryptographic hash digest of signed firmware regions and verifying the signature against the calculated hash digest.
Both vulnerabilities exploit weaknesses in these steps. CVE-2025-7937 allows a crafted firmware image to bypass the BMC verification logic, redirecting the system to a fake “fwmap” table. Similarly, CVE-2025-6198 manipulates the “sig_table” to bypass signing checks and install malicious firmware.
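As an added illustration (not code from Binarly or Supermicro), the Python sketch below models the three steps on a constructed toy image format and shows layout checks a verifier can run before trusting a table carried in the image: the table must itself sit inside a signed region, and a range fixed on the verifier side must be covered. The layout, `KEY`, `REQUIRED`, the `build` helper and the HMAC used in place of a public-key signature are all assumptions made for the example.

```python
import hashlib, hmac, struct

# Constructed toy layout, NOT Supermicro's real image format:
#   header (40 bytes): magic "IMG0" | u32 table_offset | 32-byte tag
#   table: u32 count, then count x (u32 offset, u32 length) = signed regions
HDR = struct.Struct("<4sI32s")
KEY = b"demo-key"          # assumption: HMAC stands in for the signature check
REQUIRED = (0x40, 0x140)   # verifier-side policy: byte range that must be signed

def read_table(img, off):
    (n,) = struct.unpack_from("<I", img, off)   # struct.error if out of bounds
    regions = [struct.unpack_from("<II", img, off + 4 + 8 * i) for i in range(n)]
    return regions, off + 4 + 8 * n

def covered(regions, start, end):
    """True if [start, end) lies entirely inside the union of the regions."""
    pos = start
    for off, ln in sorted(regions):
        if off <= pos < off + ln:
            pos = off + ln
    return pos >= end

def tag_for(img, regions):
    data = b"".join(img[off:off + ln] for off, ln in regions)
    return hmac.new(KEY, hashlib.sha256(data).digest(), "sha256").digest()

def verify(img):  # returns (ok, reason); layout checks run before the tag is trusted
    try:
        magic, toff, tag = HDR.unpack_from(img, 0)
        regions, tend = read_table(img, toff)
    except struct.error as exc:
        return False, f"malformed: {exc}"
    if magic != b"IMG0" or any(o + n > len(img) for o, n in regions):
        return False, "bad header or region bounds"
    if not covered(regions, toff, tend):
        return False, "table outside signed regions"
    if not covered(regions, *REQUIRED):
        return False, "required range not signed"
    if not hmac.compare_digest(tag, tag_for(img, regions)):
        return False, "tag mismatch"
    return True, "ok"

def build(size, toff, regions):  # constructed sample image, tagged with KEY
    img = bytearray(b"\xaa" * size)
    struct.pack_into("<I", img, toff, len(regions))
    for i, r in enumerate(regions):
        struct.pack_into("<II", img, toff + 4 + 8 * i, *r)
    img[:HDR.size] = HDR.pack(b"IMG0", toff, tag_for(img, regions))
    return bytes(img)
```

The two `covered` checks reject an image whose table lies in an unsigned area, or whose table omits the required range, even when the tag over the listed regions is valid.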
Root of Trust bypass
The flaws undermine the Root of Trust (RoT), a fundamental security feature designed to ensure firmware integrity. Previously, Supermicro’s PSIRT (Product Security Incident Response Team) claimed that the hardware RoT would prevent these issues. However, further research by Binarly found that CVE-2025-6198 indeed bypasses this security feature.
Alex Matrosov, CEO of Binarly, warned that reusing signing keys across product lines could have a massive impact if they were to leak. The CVE-2025-6198 vulnerability, in particular, shows how significant the consequences could be if an attacker gains access to the signing keys.
Implications for firmware security
These vulnerabilities reflect a broader issue in firmware security. Both flaws allow attackers to install specially crafted firmware images without triggering the usual security safeguards. CVE-2025-7937 and CVE-2025-6198 are rated medium severity, but they still pose a serious threat to Supermicro’s customer base.
Binarly also highlighted previous issues with Supermicro’s firmware, such as the CVE-2024-10237 vulnerability, which similarly involved bypassing the firmware validation process. These vulnerabilities demonstrate the ongoing challenge of maintaining secure firmware in modern systems, especially when dealing with complex security features like RoT.
Conclusion
Supermicro must address these firmware flaws quickly to prevent potential exploitation. The Supermicro BMC firmware bugs show that even the most advanced security features, like the Root of Trust, can be bypassed if proper cryptographic checks are not in place. As security research continues to uncover weaknesses in system firmware, it’s clear that manufacturers need to strengthen their update and verification protocols to avoid the risks posed by such vulnerabilities.