Cybersecurity researchers have disclosed details of two security vulnerabilities impacting Supermicro Baseboard Management Controller (BMC) firmware that could potentially allow attackers to bypass crucial verification steps and update the system with a specially crafted image.
The medium-severity vulnerabilities, both of which stem from improper verification of a cryptographic signature, are listed below -
CVE-2025-7937 (CVSS score: 6.6) - A crafted firmware image can bypass the Supermicro BMC firmware verification logic of Root of Trust (RoT) 1.0 to update the system firmware by redirecting the program to a fake "fwmap" table in the unsigned region
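The verification weakness behind CVE-2025-7937, as the advisory describes it, is that the verifier locates its region table ("fwmap") through data that is not itself covered by the signature. The following toy model is an added example and is not Supermicro's code or the real BMC image format; the header layout, the fwmap encoding, the HMAC stand-in for the asymmetric signature and the sample payloads are all constructed for illustration. It places a weak verifier (which follows an unsigned pointer to the map and hashes whatever the map names) beside a hardened one (which insists that the header at offset 0 and the map at its real offset are among the signed regions and that no unsigned gap exists up to the end of the map), and builds the relocated-map test vector a verifier's regression suite should contain.

```python
"""Toy fwmap verifier: unsigned map pointer (weak) vs. anchored, gap-free coverage (hardened).

Constructed image layout (not a real BMC format):
  bytes 0..3  little-endian offset of the fwmap table   <- the unsigned pointer
  bytes 4..   boot payload, then the fwmap table
fwmap table:  4-byte region count, then (offset, length) pairs, 4 bytes each
signature:    HMAC-SHA256 over the concatenation of the regions the map lists
              (stand-in for the RSA/ECDSA signature a real Root of Trust checks)
"""
import hashlib
import hmac
import struct

SIGNING_KEY = b"constructed-demo-key"  # stand-in for the vendor key; constructed
HDR_LEN = 4
PAYLOAD_OFF = HDR_LEN                  # the region the device actually boots from


def fwmap_len(nregions):
    return 4 + 8 * nregions


def build_fwmap(regions):
    return struct.pack("<I", len(regions)) + b"".join(struct.pack("<II", o, n) for o, n in regions)


def parse_fwmap(image, off):
    (count,) = struct.unpack_from("<I", image, off)
    return [struct.unpack_from("<II", image, off + 4 + 8 * i) for i in range(count)]


def sign_regions(image, regions):
    h = hashlib.sha256()
    for off, n in regions:
        h.update(image[off:off + n])
    return hmac.new(SIGNING_KEY, h.digest(), "sha256").digest()


def build_image(payload, cover_header):
    """Vendor side. cover_header=False models a format whose map pointer is unsigned."""
    map_off = PAYLOAD_OFF + len(payload)
    regions = [(0, HDR_LEN)] if cover_header else []
    regions += [(PAYLOAD_OFF, len(payload)), (map_off, fwmap_len(len(regions) + 2))]
    image = struct.pack("<I", map_off) + payload + build_fwmap(regions)
    return image, sign_regions(image, regions)


def regions_from_header(image):
    """Returns (map_off, regions) or None when the pointer or table is out of bounds."""
    try:
        (map_off,) = struct.unpack_from("<I", image, 0)
        return map_off, parse_fwmap(image, map_off)
    except struct.error:
        return None


def verify_weak(image, signature):
    """Defect: trusts the unsigned pointer, so the map can be relocated to unsigned space."""
    parsed = regions_from_header(image)
    if parsed is None:
        return False
    _, regions = parsed
    return hmac.compare_digest(sign_regions(image, regions), signature)


def verify_hardened(image, signature):
    """The header and the map must be signed at their real offsets, with no unsigned gap
    between offset 0 and the end of the map; only then is the signature compared."""
    parsed = regions_from_header(image)
    if parsed is None:
        return False
    map_off, regions = parsed
    map_len = fwmap_len(len(regions))
    if (0, HDR_LEN) not in regions or (map_off, map_len) not in regions:
        return False
    end = 0
    for off, n in sorted(regions):
        if off > end:            # a hole the signature does not cover
            return False
        end = max(end, off + n)
    if end < map_off + map_len:
        return False
    return hmac.compare_digest(sign_regions(image, regions), signature)


def relocated_map_vector(image, new_payload):
    """Regression-test vector: the boot payload is replaced, the original signed bytes are
    copied into unsigned space and a relocated map points at that copy, so the digest the
    signature was made over is unchanged. A sound verifier must reject this image."""
    orig_map_off, orig_regions = regions_from_header(image)
    copy_off = PAYLOAD_OFF + len(new_payload)
    copy, fake_regions = b"", []
    for off, n in orig_regions:
        fake_regions.append((copy_off + len(copy), n))
        copy += image[off:off + n]
    fake_map_off = copy_off + len(copy)
    return struct.pack("<I", fake_map_off) + new_payload + copy + build_fwmap(fake_regions)


if __name__ == "__main__":
    good, sig = build_image(b"BOOT-CODE-v1.0  ", cover_header=False)
    print("weak, genuine image      :", verify_weak(good, sig))                               # True
    print("weak, relocated map      :", verify_weak(relocated_map_vector(good, b"BOOT-CODE-MOD   "), sig))  # True
    good2, sig2 = build_image(b"BOOT-CODE-v1.0  ", cover_header=True)
    print("hardened, genuine image  :", verify_hardened(good2, sig2))                         # True
    print("hardened, relocated map  :", verify_hardened(relocated_map_vector(good2, b"BOOT-CODE-MOD   "), sig2))  # False
```

Note that merely adding the header to the signed regions is not enough: the relocated-map vector also copies the header bytes, so the hardened verifier must require the signed header and map to sit at their real offsets (0 and the pointer target), which is what the membership and gap checks enforce.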
CVE-2025-6198 (CVSS score: 6.4) - A crafted firmware image can bypass the Supermicro BMC firmware verification logic of the Sig