AI description
CVE-2025-7937 is a security vulnerability in the Supermicro Baseboard Management Controller (BMC) firmware, specifically affecting the Supermicro MBD-X12STW. The flaw lies in the BMC firmware validation logic: a crafted firmware image can pass the signature verification process, allowing an attacker to update the system firmware with a malicious image. Successful exploitation of CVE-2025-7937 could give an attacker persistent control of the BMC and, through it, of the main server OS. The vulnerability is a bypass of the fix for CVE-2024-10237 and involves manipulating the 'fwmap' table by adding custom entries and relocating the original signed content to unreserved firmware space, so that the verifier still sees the vendor-signed bytes while the code the BMC actually boots has been replaced.
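The following Python model illustrates the class of flaw described above. It is an added example, not Supermicro's firmware code and not Binarly's exploit: the image layout, the `fwmap` entry encoding (offset, length, signed-flag), the fixed boot offset, the "unreserved" region at 0x800 and the HMAC stand-in for the vendor's public-key signature are all assumptions made so the example runs offline. The weak verifier hashes only the regions an unsigned map flags as signed; the forge step relocates the signed content, adds a custom entry, and the stale signature still verifies. The strict verifier binds the whole image, including the map, to the signature.

```python
"""
Model of an fwmap-driven firmware signature check and its bypass.
Everything here (layout, entry format, toy HMAC "signature") is an
assumption for illustration, not the real Supermicro BMC image format.
"""
import hashlib
import hmac
import struct

VENDOR_KEY = b"constructed-vendor-key"  # toy key; stands in for the vendor signing key
IMAGE_SIZE = 0x1000                     # assumed flash image size
FWMAP_OFFSET = 0x000                    # assumed: region table at start of image
FWMAP_MAX_ENTRIES = 8
ENTRY = struct.Struct("<IIB")           # assumed entry: offset, length, signed-flag
FWMAP_SIZE = FWMAP_MAX_ENTRIES * ENTRY.size
SIG_LEN = 32
SIG_OFFSET = IMAGE_SIZE - SIG_LEN       # assumed: signature slot at end of image
BOOT_OFFSET = 0x100                     # assumed: the BMC boot path executes from here
BOOT_LEN = 0x200
UNRESERVED_OFFSET = 0x800               # assumed: space no map entry covers


def sign(data: bytes) -> bytes:
    """Toy signature: HMAC-SHA256 in place of the vendor's RSA/ECDSA signature."""
    return hmac.new(VENDOR_KEY, data, hashlib.sha256).digest()


def write_fwmap(image: bytearray, entries) -> None:
    blob = b"".join(ENTRY.pack(off, ln, int(flag)) for off, ln, flag in entries)
    image[FWMAP_OFFSET:FWMAP_OFFSET + FWMAP_SIZE] = blob.ljust(FWMAP_SIZE, b"\0")


def read_fwmap(image) -> list:
    entries = []
    for i in range(FWMAP_MAX_ENTRIES):
        off, ln, flag = ENTRY.unpack_from(image, FWMAP_OFFSET + i * ENTRY.size)
        if ln == 0:          # zero-length entry terminates the table
            break
        entries.append((off, ln, bool(flag)))
    return entries


def signed_payload_weak(image) -> bytes:
    """Vulnerable pattern: hash only the regions that the (unsigned) map flags as signed."""
    return b"".join(bytes(image[off:off + ln]) for off, ln, flag in read_fwmap(image) if flag)


def signed_payload_strict(image) -> bytes:
    """Fix: the signature covers every byte except the signature slot, map included."""
    return bytes(image[:SIG_OFFSET]) + bytes(image[SIG_OFFSET + SIG_LEN:])


def stored_signature(image) -> bytes:
    return bytes(image[SIG_OFFSET:SIG_OFFSET + SIG_LEN])


def verify_weak(image) -> bool:
    return hmac.compare_digest(sign(signed_payload_weak(image)), stored_signature(image))


def verify_strict(image) -> bool:
    return hmac.compare_digest(sign(signed_payload_strict(image)), stored_signature(image))


def build_vendor_image(payload_fn) -> bytearray:
    """Constructed vendor image: one signed boot region, signed under payload_fn."""
    image = bytearray(IMAGE_SIZE)
    image[BOOT_OFFSET:BOOT_OFFSET + BOOT_LEN] = b"VENDOR-BOOT".ljust(BOOT_LEN, b"\x90")
    write_fwmap(image, [(BOOT_OFFSET, BOOT_LEN, True)])
    image[SIG_OFFSET:SIG_OFFSET + SIG_LEN] = sign(payload_fn(image))
    return image


def forge(image) -> bytearray:
    """Bypass: move the signed bytes to unreserved space, keep a signed-flag entry
    pointing at the copy, and add a custom unsigned entry that places attacker
    code at the offset the boot path really executes from. The signature is reused."""
    forged = bytearray(image)
    new_entries, reloc = [], UNRESERVED_OFFSET
    for off, ln, flag in read_fwmap(image):
        if flag:
            forged[reloc:reloc + ln] = image[off:off + ln]   # relocate signed content
            new_entries.append((reloc, ln, True))
            reloc += ln
        else:
            new_entries.append((off, ln, flag))
    forged[BOOT_OFFSET:BOOT_OFFSET + BOOT_LEN] = b"ATTACKER-BOOT".ljust(BOOT_LEN, b"\xcc")
    new_entries.append((BOOT_OFFSET, BOOT_LEN, False))       # custom, unsigned entry
    write_fwmap(forged, new_entries)
    return forged


def boot_code(image) -> bytes:
    """What the (assumed) boot path would actually execute."""
    return bytes(image[BOOT_OFFSET:BOOT_OFFSET + BOOT_LEN])


if __name__ == "__main__":
    weak = build_vendor_image(signed_payload_weak)
    forged = forge(weak)
    print("weak verifier accepts forged image:", verify_weak(forged))
    print("boot code is attacker's:", boot_code(forged).startswith(b"ATTACKER"))
    strict = build_vendor_image(signed_payload_strict)
    print("strict verifier accepts forged image:", verify_strict(forge(strict)))
```

The design point is that a verifier must not let unsigned metadata decide which bytes are signed. Covering the entire image (or at minimum signing the map itself and rejecting entries that overlap, leave gaps, or move executable regions away from their fixed boot offsets) removes the attacker's freedom to re-describe the image.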
- Description
- There is a vulnerability in the Supermicro BMC firmware validation logic on the Supermicro MBD-X12STW. An attacker can update the system firmware with a specially crafted image.
- Source
- def9a96e-e099-41a9-bfac-30fd4f82c411
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.2
- Impact score
- 5.9
- Exploitability score
- 1.2
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Source
- def9a96e-e099-41a9-bfac-30fd4f82c411
- CWE
- CWE-347 (Improper Verification of Cryptographic Signature)
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
Supermicro: vulnerabilities in the BMC of some motherboards (CVE-2025-7937, CVE-2025-6198) https://t.co/WMZlmpxyHD #セキュリティ対策Lab #セキュリティ #Security
@securityLab_jp
26 Sept 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 RadioCSIRT #432 – 24/09/2025 🖥️ SolarWinds Web Help Desk vuln. 📡 Synology Safe Access vuln. (XSS) 🛡️ CISA: lessons from an IR 🔧 Supermicro BMC: CVE-2025-7937 & CVE-2025-6198 ✈️ NCA arrests a suspect in the vMUSE attack (EU airports) ht
@marcfredericgo
24 Sept 2025
71 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Binarly researchers discovered bypass for Supermicro's CVE-2024-10237 patch, leading to new CVE-2025-7937. They also found CVE-2025-6198 bypassing Root of Trust, allowing BMC and OS control. These flaws expose firmware validation's weakness, risking BMC code #EnterpriseSecurity
@bigmacd16684
24 Sept 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Two new flaws let attackers slip past Supermicro’s BMC Root of Trust! Hackers can sneak in a fake signed firmware image (CVE-2025-7937 & CVE-2025-6198) and take over the BMC—then the whole server—permanently. #cybernews https://t.co/Y01BgMXTWq
@Free713PK
24 Sept 2025
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Two new flaws let attackers slip past Supermicro’s BMC Root of Trust! Hackers can sneak in a fake signed firmware image (CVE-2025-7937 & CVE-2025-6198) and take over the BMC—then the whole server—permanently. Full story → https://t.co/VcRs5xIT6U
@TheHackersNews
23 Sept 2025
16661 Impressions
34 Retweets
97 Likes
9 Bookmarks
1 Reply
2 Quotes