Supermicro has issued patches for two critical Baseboard Management Controller (BMC) vulnerabilities, CVE-2025-7937 and CVE-2025-6198, which enable attackers to conduct malicious firmware updates and achieve persistent control over both the BMC and the operating system. One vulnerability represents a bypass of a previous patch, underscoring the inherent fragility of firmware validation, while the other can also compromise the Root of Trust. Although no in-the-wild exploitation has been reported, these flaws pose significant operational and security risks for enterprise organizations relying on Supermicro hardware, potentially impacting critical infrastructure and data integrity.
Supermicro (SMCI) has addressed two critical security vulnerabilities in its Baseboard Management Controllers (BMCs), the component that provides out-of-band remote server administration. The flaws, identified as CVE-2025-7937 and CVE-2025-6198, enable attackers to push malicious firmware updates and potentially gain persistent, complete control over both the BMC and the host operating system. This development is particularly concerning for two reasons. First, CVE-2025-7937 is a bypass of a previous patch, raising questions about the efficacy of the company's security validation process. Second, CVE-2025-6198 can compromise the hardware Root of Trust (RoT), undermining the fundamental mechanism that is supposed to guarantee firmware integrity. While Supermicro has released patches and states there is no evidence of in-the-wild exploitation, the incident, which carries a "strongly negative" sentiment score (-0.65), highlights a significant operational and reputational risk for the company, whose enterprise clients rely on the security of its hardware for critical infrastructure.