CVE-2025-12007

Published Jan 16, 2026

Last updated 9 days ago

Overview

Description
There is a vulnerability in the Supermicro BMC firmware validation logic on the Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image.
Source
def9a96e-e099-41a9-bfac-30fd4f82c411
NVD status
Deferred

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.4
Impact score
5.9
Exploitability score
2.5
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

def9a96e-e099-41a9-bfac-30fd4f82c411
CWE-347

Social media

Hype score
Not currently trending
  1. Binarly REsearch breaks down how Supermicro BMC firmware validation fixes were bypassed, more than once, and what to do differently: verify firmware sources + hashes, enable RoT, and monitor BMC behavior. 🔥CVE-2025-12006 🔥CVE-2025-12007 Full Details: https://t.co/p74zijPH

    @binarly_io

    26 Jan 2026

    1959 Impressions

    8 Retweets

    11 Likes

    2 Bookmarks

    0 Replies

    1 Quote

  2. CVE-2025-12007 There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially craf… https://t.co/wEHs5xSb8T

    @CVEnew

    16 Jan 2026

    89 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. At DistrictCon, Binarly will reveal firmware bypass chains that can blind EDR and disclose two new Supermicro BMC vulnerabilities (CVE-2025-12006, CVE-2025-12007) with implications for enterprise and AI infrastructure security. https://t.co/bQA4D0ci2g

    @SovaSvet

    15 Jan 2026

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. “Fully patched” ≠ secure Binarly is unveiling “Broken Trust” REsearch at @DistrictCon: 🔥Firmware bypass chains 🔥BMC persistence 🔥EDR evasion Including new Supermicro BMC critical vulns: 💥CVE-2025-12006 💥CVE-2025-12007 FW Trust == Attack Surface http

    @binarly_io

    15 Jan 2026

    1081 Impressions

    4 Retweets

    10 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  5. ⛓️‍Broken Trust: Firmware Bypass Chains, BMC Persistence, and EDR Evasion. Our @DistrictCon talk got accepted (@matrosov, @pagabuc) 🎉 🪄✨ @ant_av7 uncovered two new high-impact CVEs in Supermicro BMC firmware RoT: 💥 CVE-2025-12006 💥 CVE-2025-12007 https://t.

    @binarly_io

    28 Oct 2025

    1678 Impressions

    3 Retweets

    11 Likes

    3 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.