Cybersecurity experts have uncovered two medium-severity vulnerabilities in Supermicro BMC firmware that can be exploited to bypass verification processes and execute malicious firmware updates. These flaws, stemming from improper cryptographic signature validation, could lead to persistent control over affected systems and compromise the security of enterprise hardware. #SupermicroBMC #FirmwareVulnerabilities
Key points
- Two security flaws in Supermicro BMC firmware can allow attackers to bypass verification steps.
- Both vulnerabilities involve improper validation of cryptographic signatures in firmware images.
- Exploitation could enable remote installation of malicious firmware and persistent system control.
- Related vulnerabilities had been identified and fixed earlier, but those fixes may be insufficient to prevent the new attacks.
- Researchers advise rotating signing keys and enhancing validation processes to mitigate risks.
Read More: https://thehackernews.com/2025/09/two-new-supermicro-bmc-bugs-allow.html