Supermicro hardware contains two critical firmware vulnerabilities, CVE-2024-10237 and CVE-2025-6198, which allow attackers to inject malicious firmware and gain persistent control over servers. Despite firmware patches, researchers found that these flaws can still be exploited, prompting urgent updates and awareness.
Key points
- Two vulnerabilities affect Supermicro's BMC firmware, enabling remote malicious updates.
- Attackers can gain complete control of both BMC systems and the main server OS.
- Researchers discovered that firmware checks can be bypassed, allowing malicious firmware injection.
- Supermicro has released firmware fixes, but the vulnerabilities can still be exploited, and proof-of-concept exploits exist.
- These BMC firmware flaws pose significant risks, including server bricking and persistent compromise.