CVE-2025-6198

Published Sep 19, 2025

Last updated 6 months ago

CVSS high 7.2
Supermicro BMC
Firmware

Overview

Description
There is a vulnerability in the Supermicro BMC firmware validation logic on the Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image.
Source
def9a96e-e099-41a9-bfac-30fd4f82c411
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.2
Impact score
5.9
Exploitability score
1.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

def9a96e-e099-41a9-bfac-30fd4f82c411
CWE-347

Social media

Hype score
Not currently trending
  1. Exploiting vulnerabilities in Supermicro BMC (CVE-2025-7937 and CVE-2025-6198) https://t.co/DJsZWEl3tN Credits Anton Ivanov #infosec https://t.co/WSjMnJjlMM

    @0xor0ne

    23 Oct 2025

    4637 Impressions

    12 Retweets

    62 Likes

    33 Bookmarks

    0 Replies

    0 Quotes

  2. Supermicro: vulnerability in the BMC of some motherboards (CVE-2025-7937, CVE-2025-6198) https://t.co/WMZlmpxyHD #セキュリティ対策Lab #セキュリティ #Security

    @securityLab_jp

    26 Sept 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 RadioCSIRT #432 – 24/09/2025 🖥️ SolarWinds Web Help Desk vuln. 📡 Synology Safe Access vuln. (XSS) 🛡️ CISA: lessons from an IR 🔧 Supermicro BMC: CVE-2025-7937 & CVE-2025-6198 ✈️ NCA arrests a suspect in the vMUSE attack (EU airports) ht

    @marcfredericgo

    24 Sept 2025

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Critical flaws in Supermicro BMC firmware (CVE-2024-10237 & CVE-2025-6198) allow persistent backdoors via malicious updates, bypassing patches and enabling full server control. #SupermicroFlaws #FirmwareAttack #USA https://t.co/QNGsFEVXJN

    @TweetThreatNews

    24 Sept 2025

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Binarly researchers discovered bypass for Supermicro's CVE-2024-10237 patch, leading to new CVE-2025-7937. They also found CVE-2025-6198 bypassing Root of Trust, allowing BMC and OS control. These flaws expose firmware validation's weakness, risking BMC code #EnterpriseSecurity

    @bigmacd16684

    24 Sept 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 Two new flaws let attackers slip past Supermicro’s BMC Root of Trust! Hackers can sneak in a fake signed firmware image (CVE-2025-7937 & CVE-2025-6198) and take over the BMC—then the whole server—permanently. #cybernews https://t.co/Y01BgMXTWq

    @Free713PK

    24 Sept 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 Two new flaws let attackers slip past Supermicro’s BMC Root of Trust! Hackers can sneak in a fake signed firmware image (CVE-2025-7937 & CVE-2025-6198) and take over the BMC—then the whole server—permanently. Full story → https://t.co/VcRs5xIT6U

    @TheHackersNews

    23 Sept 2025

    16661 Impressions

    34 Retweets

    97 Likes

    9 Bookmarks

    1 Reply

    2 Quotes

References

Sources include official advisories and independent security research.