

Ethical Hacking News

New Supermicro BMC Flaws: A Persistent Backdoor Nightmare



New Supermicro BMC flaws have been discovered, allowing attackers to create persistent backdoors on vulnerable systems. The vulnerabilities, identified as CVE-2024-10237 and CVE-2025-6198, can be exploited to update systems with maliciously crafted images, granting complete control over the system's firmware and operating system. In light of these findings, IT administrators must take immediate action to protect their systems by implementing robust security controls and ensuring their Supermicro BMC firmware is up-to-date with the latest patches.

  • Supermicro's Baseboard Management Controller (BMC) firmware has been hit by two critical vulnerabilities (CVE-2024-10237 and CVE-2025-6198).
  • The flaws allow attackers to update systems with maliciously crafted images, granting them control over the BMC system and main server OS.
  • Supermicro has released firmware fixes for impacted models, while Binarly has released proof-of-concept exploits for both issues.
  • Prompt action is required to protect potentially impacted systems, including implementing robust security controls such as regular firmware updates and secure configurations.
  • The vulnerabilities highlight the importance of continuous testing and monitoring of firmware vulnerabilities in modern systems.



    Supermicro, a leading manufacturer of servers, motherboards, and data center hardware, has been hit by two critical vulnerabilities affecting their Baseboard Management Controller (BMC) firmware. The flaws, identified as CVE-2024-10237 and CVE-2025-6198, can allow attackers to update systems with maliciously crafted images, granting them complete and persistent control over the BMC system and the main server OS.

    The BMC is a microcontroller on Supermicro server motherboards that enables remote system monitoring and management even when the system is powered off. While this feature provides an added layer of convenience for IT administrators, it also introduces a potential security risk. In this case, the vulnerabilities discovered by Binarly, a firmware security company, can be exploited to bypass the BMC Root of Trust (RoT), a security feature that validates the system's boot process.

    The first vulnerability, CVE-2024-10237, relates to the way Supermicro restricts custom fwmap entries in the firmware image. To address the issue, Supermicro added checks to prevent tampering with the firmware image. However, Binarly researchers discovered a bypass for these checks, which allows attackers to inject malicious fwmap entries before the vendor's original image is loaded by the system. This bypasses the check, allowing the attacker to relocate or replace actual content in the firmware image while keeping the calculated hash equal to the signed value.

    The second vulnerability, CVE-2025-6198, arises from flawed validation logic in the auth_bmc_sig function, which is executed in the OP-TEE environment of the X13SEM-F motherboard firmware. The signed regions are defined in the uploaded image itself, allowing attackers to modify the kernel or other regions and relocate the original data to unused firmware space. This means that kernel authentication is not performed during boot, leaving the Root of Trust feature only partially effective.

    The researchers demonstrated flashing and executing a customized kernel, showing that exploiting this vulnerability achieves the same result as the bypass for CVE-2024-10237: permitting the injection of malicious firmware or downgrading the existing image to a less secure one. Supermicro has released firmware fixes for impacted models, while Binarly has released proof-of-concept exploits for both issues.
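
    The design flaw described above, a verifier that takes the list of signed regions from the image it is checking, modelled next to a verifier that pins the layout. This is an added example, not Supermicro's or Binarly's code; the table format, offsets, region contents and the bare SHA-256 digest standing in for a verified signature are all assumptions.

```python
import hashlib
import struct

# Constructed toy format (not Supermicro's): a table of four
# (offset, length) entries at the start of the image, then the data.
ENTRY = struct.Struct("<II")
TABLE_SIZE = 4 * ENTRY.size
# Layout the boot code actually reads from, pinned in the verifier (assumption).
PINNED_LAYOUT = [(32, 64), (96, 128)]  # bootloader, kernel

def parse_table(image):
    """Read the region table carried inside the image, skipping empty slots."""
    entries = [ENTRY.unpack_from(image, i) for i in range(0, TABLE_SIZE, ENTRY.size)]
    return [(off, ln) for off, ln in entries if ln]

def digest_regions(image, regions):
    """SHA-256 over the listed regions, in table order."""
    h = hashlib.sha256()
    for off, ln in regions:
        if off < TABLE_SIZE or off + ln > len(image):
            raise ValueError("region outside image data")
        h.update(image[off:off + ln])
    return h.digest()

def verify_self_described(image, signed_digest):
    """Flawed: the regions to hash come from the image being verified."""
    return digest_regions(image, parse_table(image)) == signed_digest

def verify_pinned(image, signed_digest):
    """Hardened: the table must match the pinned layout before hashing."""
    if parse_table(image) != PINNED_LAYOUT:
        return False
    return digest_regions(image, PINNED_LAYOUT) == signed_digest

def build_image(layout, bootloader, kernel, spare=b""):
    """Constructed sample image: table, bootloader, kernel, unused tail."""
    table = b"".join(ENTRY.pack(o, n) for o, n in layout).ljust(TABLE_SIZE, b"\0")
    return table + bootloader.ljust(64, b"\0") + kernel.ljust(128, b"\0") + spare.ljust(128, b"\0")

def demo():
    """Genuine image versus one whose table points at a relocated kernel copy."""
    genuine = build_image(PINNED_LAYOUT, b"BL", b"KERNEL-v1")
    signed = digest_regions(genuine, PINNED_LAYOUT)  # stands in for the signed hash
    moved = build_image([(32, 64), (224, 128)], b"BL", b"MODIFIED", spare=b"KERNEL-v1")
    return verify_self_described(moved, signed), verify_pinned(moved, signed)
```

    The self-described check accepts the altered sample because the hashed bytes are unchanged even though the kernel slot is not; the pinned check rejects it because the table no longer matches the layout the boot code uses.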

    The BMC firmware flaws are persistent and can be particularly dangerous, in some cases causing mass-bricking of servers. These problems are also not theoretical, as CISA (Cybersecurity and Infrastructure Security Agency) has previously flagged exploitation of such bugs in the wild. As a result, prompt action to protect potentially impacted systems is required.

    In light of these vulnerabilities, IT administrators and security professionals must take immediate action to ensure their Supermicro BMC firmware is up-to-date with the latest patches. This includes implementing robust security controls, such as regular firmware updates, secure configurations, and monitoring for suspicious activity. By taking proactive measures, organizations can minimize the risk of exploitation and prevent potential backdoors from being created.

    Furthermore, this incident highlights the importance of continuous testing and monitoring of firmware vulnerabilities. As the complexity of modern systems increases, so does the attack surface. It is crucial that manufacturers like Supermicro prioritize firmware security and implement robust testing protocols to identify and address vulnerabilities before they can be exploited in the wild.

    In conclusion, the recent BMC flaws discovered by Binarly pose a significant threat to organizations relying on Supermicro hardware. The vulnerabilities can allow attackers to gain complete and persistent control over the system, compromising its integrity and security. It is essential that IT administrators and security professionals take immediate action to address these issues and implement robust security controls to prevent potential backdoors from being created.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/New-Supermicro-BMC-Flaws-A-Persistent-Backdoor-Nightmare-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/new-supermicro-bmc-flaws-can-create-persistent-backdoors/


  • Published: Wed Sep 24 16:40:21 2025 by llama3.2 3B Q4_K_M












