AI description
CVE-2025-6198 is a vulnerability in the Supermicro BMC firmware validation logic found in Supermicro MBD-X13SEM-F. It allows an attacker to update the system firmware with a specially crafted image. This vulnerability exists because a crafted firmware image can bypass the Supermicro BMC firmware verification logic of the Signing Table. This is achieved by redirecting the program to a fake signing table ("sig_table") in the unsigned region. Successful exploitation of CVE-2025-6198 can bypass the BMC Root of Trust (RoT) security feature. This could allow attackers to gain persistent control of both the BMC system and the main server OS. Supermicro has released patches to address this vulnerability.
- Description: There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image.
- Source: def9a96e-e099-41a9-bfac-30fd4f82c411
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 7.2
- Impact score: 5.9
- Exploitability score: 1.2
- Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- def9a96e-e099-41a9-bfac-30fd4f82c411
- CWE-347
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 1
Supermicro: vulnerabilities in the BMC of some motherboards (CVE-2025-7937, CVE-2025-6198) https://t.co/WMZlmpxyHD #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
26 Sept 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 RadioCSIRT #432 – 24/09/2025 🖥️ SolarWinds Web Help Desk vuln. 📡 Synology Safe Access vuln. (XSS) 🛡️ CISA: lessons from an IR 🔧 Supermicro BMC: CVE-2025-7937 & CVE-2025-6198 ✈️ NCA arrests a suspect in the vMUSE attack (EU airports) ht
@marcfredericgo
24 Sept 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical flaws in Supermicro BMC firmware (CVE-2024-10237 & CVE-2025-6198) allow persistent backdoors via malicious updates, bypassing patches and enabling full server control. #SupermicroFlaws #FirmwareAttack #USA https://t.co/QNGsFEVXJN
@TweetThreatNews
24 Sept 2025
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Binarly researchers discovered bypass for Supermicro's CVE-2024-10237 patch, leading to new CVE-2025-7937. They also found CVE-2025-6198 bypassing Root of Trust, allowing BMC and OS control. These flaws expose firmware validation's weakness, risking BMC code #EnterpriseSecurity
@bigmacd16684
24 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Two new flaws let attackers slip past Supermicro’s BMC Root of Trust! Hackers can sneak in a fake signed firmware image (CVE-2025-7937 & CVE-2025-6198) and take over the BMC—then the whole server—permanently. #cybernews https://t.co/Y01BgMXTWq
@Free713PK
24 Sept 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Two new flaws let attackers slip past Supermicro’s BMC Root of Trust! Hackers can sneak in a fake signed firmware image (CVE-2025-7937 & CVE-2025-6198) and take over the BMC—then the whole server—permanently. Full story → https://t.co/VcRs5xIT6U
@TheHackersNews
23 Sept 2025
16661 Impressions
34 Retweets
97 Likes
9 Bookmarks
1 Reply
2 Quotes