Ethical Hacking News
Supermicro motherboards have been identified as vulnerable to two high-severity vulnerabilities that could allow attackers to infect servers with malware that survives OS reinstalls and disk replacement. The vulnerabilities were discovered by Binarly and affect the baseboard management controllers (BMCs) that handle remote firmware updates. Supermicro says it has updated its BMC firmware and advises customers to check release notes, but an earlier fix for the same class of bug proved incomplete.
Binarly found two high-severity vulnerabilities in Supermicro motherboards, CVE-2025-7937 and CVE-2025-6198, that allow an attacker with access to the BMC's remote update interface to install malicious firmware. An earlier Supermicro patch for a related flaw, CVE-2024-10237, did not fully address the problem, leaving servers exposed. The vulnerabilities affect the BMCs, which perform sensitive operations such as reflashing the UEFI firmware. Customers are advised to check release notes for updates, but patched firmware did not appear to be available on Supermicro's website at the time of writing. Completing the fix may take Supermicro more time, which underlines the need for closer attention to server firmware security.
Supermicro, a leading manufacturer of server motherboards, ships boards affected by two high-severity vulnerabilities that can be exploited to remotely install malicious firmware. The two vulnerabilities, CVE-2025-7937 and CVE-2025-6198, were discovered by the security firm Binarly and could allow attackers to infect servers with malware that ordinary disinfection steps do not remove.
The first vulnerability, CVE-2025-7937, is the result of an incomplete fix for an earlier bug, CVE-2024-10237, which Nvidia reported and Supermicro partially patched in January. That bug involves adding custom entries to the fwmap table, which stores memory locations, signatures, and other data the BMC uses to validate a firmware image before flashing it. Because the verifier trusts the table inside the image to say which bytes the signature covers, an attacker who controls the table can replace a legitimate image with a malicious one without tripping the mechanisms meant to detect and block such tampering. Supermicro's January patch added two new functions that reject new entries at the specific memory offsets used in Nvidia's proof of concept (PoC). Binarly found that the same technique still works at a different offset: the patch blocks one exploit rather than the underlying flaw. The second vulnerability, CVE-2025-6198, is a separate bypass of the same firmware-validation logic.
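The bug class described above is easier to see in code. The following is an illustrative toy model added for this article; it is not Supermicro, Nvidia or Binarly code, and the image layout, field names, offsets and the use of an HMAC in place of the vendor's RSA signature are all invented for the example. It models a verifier that trusts an in-image fwmap table to decide which bytes are signed, shows how relocating the original bytes and adding a custom table entry keeps the digest valid, shows why a denylist of the PoC's offsets is an incomplete fix, and contrasts that with a verifier that puts the table itself under the signature.

```python
"""Toy model of an fwmap-style firmware validation bypass (hypothetical layout)."""
import hashlib
import hmac
import struct

IMAGE_SIZE = 4096
FWMAP_OFF = 0          # u32 entry count, then up to 4 entries of (offset, length, flags)
FWMAP_LEN = 52         # 4 + 4 * 12 bytes
MAC_OFF = 64           # 32-byte HMAC-SHA256 stored here (stand-in for an RSA signature)
MAC_LEN = 32
CODE_OFF = 256         # region the BMC actually executes from
CODE_LEN = 1024
FREE_OFF = 1536        # padding an attacker can repurpose
FLAG_SIGNED = 1        # entry contributes to the digest
ENTRY = struct.Struct("<III")
VENDOR_KEY = b"constructed-stand-in-for-vendor-key"   # not a real key


def pack_fwmap(entries):
    blob = struct.pack("<I", len(entries)) + b"".join(ENTRY.pack(*e) for e in entries)
    return blob.ljust(FWMAP_LEN, b"\0")


def parse_fwmap(image):
    count = struct.unpack_from("<I", image, FWMAP_OFF)[0]
    if count > 4:
        raise ValueError("too many fwmap entries")
    return [ENTRY.unpack_from(image, FWMAP_OFF + 4 + 12 * i) for i in range(count)]


def digest(image, entries, cover_table):
    """Digest over every region flagged as signed, in table order.
    With cover_table=True the fwmap bytes themselves are included."""
    h = hmac.new(VENDOR_KEY, digestmod=hashlib.sha256)
    if cover_table:
        h.update(image[FWMAP_OFF:FWMAP_OFF + FWMAP_LEN])
    for off, length, flags in entries:
        if flags & FLAG_SIGNED:
            if off + length > len(image):
                raise ValueError("fwmap entry out of bounds")
            h.update(image[off:off + length])
    return h.digest()


def build_image(code, cover_table=False):
    """Vendor side: one signed entry covering the code region."""
    assert len(code) == CODE_LEN
    img = bytearray(IMAGE_SIZE)
    entries = [(CODE_OFF, CODE_LEN, FLAG_SIGNED)]
    img[FWMAP_OFF:FWMAP_OFF + FWMAP_LEN] = pack_fwmap(entries)
    img[CODE_OFF:CODE_OFF + CODE_LEN] = code
    img[MAC_OFF:MAC_OFF + MAC_LEN] = digest(img, entries, cover_table)
    return bytes(img)


def verify_original(image):
    """Vulnerable: trusts the in-image fwmap to say which bytes are signed."""
    entries = parse_fwmap(image)
    return hmac.compare_digest(digest(image, entries, False), image[MAC_OFF:MAC_OFF + MAC_LEN])


def verify_denylist(image, blocked=(FREE_OFF,)):
    """Incomplete fix: refuse entries at the offsets a known PoC used."""
    if any(off in blocked for off, _, _ in parse_fwmap(image)):
        return False
    return verify_original(image)


def verify_hardened(image):
    """Fix: the fwmap itself is under the signature, so it cannot be rewritten."""
    entries = parse_fwmap(image)
    return hmac.compare_digest(digest(image, entries, True), image[MAC_OFF:MAC_OFF + MAC_LEN])


def tamper(image, payload, relocate_to):
    """Attacker: swap in a payload, park the pristine code at `relocate_to`,
    and add a custom signed entry pointing at the copy so the digest is unchanged."""
    img = bytearray(image)
    img[relocate_to:relocate_to + CODE_LEN] = img[CODE_OFF:CODE_OFF + CODE_LEN]
    img[CODE_OFF:CODE_OFF + CODE_LEN] = payload
    entries = [(CODE_OFF, CODE_LEN, 0),                # real code region, now unsigned
               (relocate_to, CODE_LEN, FLAG_SIGNED)]   # custom entry: pristine copy
    img[FWMAP_OFF:FWMAP_OFF + FWMAP_LEN] = pack_fwmap(entries)
    return bytes(img)


def demo():
    good_code = bytes(range(256)) * 4            # constructed sample firmware
    payload = b"\xcc" * CODE_LEN                 # constructed "malicious" bytes
    clean = build_image(good_code)
    poc = tamper(clean, payload, FREE_OFF)                  # the offset the denylist knows
    variant = tamper(clean, payload, FREE_OFF + 0x100)      # same bug, different offset
    hardened_clean = build_image(good_code, cover_table=True)
    hardened_tampered = tamper(hardened_clean, payload, FREE_OFF + 0x100)
    return {
        "original_accepts_poc": verify_original(poc),
        "denylist_rejects_poc": not verify_denylist(poc),
        "denylist_accepts_variant": verify_denylist(variant),
        "hardened_accepts_clean": verify_hardened(hardened_clean),
        "hardened_rejects_tampered": verify_hardened(hardened_tampered),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The denylist verifier rejects the first tampered image and accepts the second, which differs only in where the pristine copy is parked; that is the shape of an offset-specific patch. The hardened verifier rejects any tampered image because the table that decides what gets hashed is itself hashed.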
Both vulnerabilities reside in silicon soldered onto Supermicro motherboards and affect baseboard management controllers (BMCs), which let administrators remotely install updates, monitor hardware temperatures, and set fan speeds. BMCs also perform some of the most sensitive operations on a server, such as reflashing the UEFI (Unified Extensible Firmware Interface) firmware that loads the server OS at boot.
The vulnerabilities are particularly concerning because they can be exploited to install firmware similar to ILObleed, an implant discovered in 2021 that infected HPE servers through their iLO BMC with wiper firmware that permanently destroyed data stored on hard drives. Even after administrators reinstalled the operating system, swapped out hard drives, or took other common disinfection steps, ILObleed remained intact and reactivated the disk-wiping attack.
Supermicro has updated its BMC firmware to mitigate these vulnerabilities, but the company is currently testing and validating affected products. The company advises customers to "check release notes for the resolution," but it appears that the patched firmware updates are not available on Supermicro's website.
Dan Goodin, senior security editor at Ars Technica, who reported the findings, noted that the bug is hard to fix and expects the update to take Supermicro more time. Binarly's discovery highlights the need for greater vigilance in the server industry: BMC firmware needs the same update discipline as the operating system, and a patch that blocks one proof of concept is not a fix for the underlying flaw.
In conclusion, the two high-severity vulnerabilities discovered by Binarly in Supermicro motherboards pose a significant threat to server security. Supermicro's earlier patch only partially addressed the underlying flaw, leaving servers exposed to remote firmware attacks that are difficult to detect or remove without unusual protections in place.
Related Information:
https://www.ethicalhackingnews.com/articles/Unpatched-Vulnerabilities-In-Supermicro-Motherboards-Pose-Significant-Threat-to-Server-Security-ehn.shtml
https://arstechnica.com/security/2025/09/supermicro-server-motherboards-can-be-infected-with-unremovable-malware/
https://nvd.nist.gov/vuln/detail/CVE-2025-6198
https://www.cvedetails.com/cve/CVE-2025-6198/
https://nvd.nist.gov/vuln/detail/CVE-2025-7937
https://www.cvedetails.com/cve/CVE-2025-7937/
https://nvd.nist.gov/vuln/detail/CVE-2024-10237
https://www.cvedetails.com/cve/CVE-2024-10237/
Published: Wed Sep 24 07:56:40 2025 by llama3.2 3B Q4_K_M