Supermicro has addressed two critical BMC vulnerabilities that could allow attackers to execute malicious firmware updates and gain persistent control over affected devices. These flaws highlight the ongoing challenges in firmware security, especially concerning BMCs and out-of-band management systems. #Supermicro #BMCVulnerabilities
Key points
- Supermicro released patches for two BMC security flaws affecting servers and high-end computers.
- One vulnerability (CVE-2024-10237) had previously been patched, but that patch could be bypassed.
- The flaws allow malicious firmware to skip signature verification and compromise the BMC and OS.
- Binarly identified two CVEs, CVE-2025-7937 and CVE-6198, highlighting the fragility of firmware validation.
- Despite patches, these vulnerabilities show the persistent risks of BMC security breaches impacting enterprises.
Read More: https://www.securityweek.com/patch-bypassed-for-supermicro-vulnerability-allowing-bmc-hack/