Binarly has identified critical, high-severity vulnerabilities (CVE-2025-7937, CVE-2025-6198) in Supermicro server motherboards, including those deployed in AI data centers, which allow remote installation of malicious firmware that executes before the operating system. These flaws, one resulting from an incomplete Supermicro patch, offer "unprecedented persistence" and could enable undetectable data destruction akin to ILObleed attacks, presenting substantial security and operational risks for institutional investors and organizations reliant on Supermicro infrastructure.
Supermicro (SMCI) is exposed to significant reputational and operational risk following the discovery of two high-severity vulnerabilities (CVE-2025-7937, CVE-2025-6198) in its server motherboard Baseboard Management Controllers (BMCs). These vulnerabilities allow for the remote installation of malicious firmware that executes before the operating system, creating what security researchers call "unprecedented persistence" that is extremely difficult to detect or remove. The direct impact on fleets within AI data centers is particularly concerning, as it threatens the core of SMCI's recent growth narrative. The situation is exacerbated by the fact that one vulnerability resulted from an "incomplete patch" for a prior issue, raising fundamental questions about the company's security engineering quality and response protocols. The comparison to the destructive ILObleed wiper attacks highlights the potential for severe customer data loss, which could lead to a loss of trust and a flight-to-quality among enterprise clients.
AI-powered research, real-time alerts, and portfolio analytics for institutional investors.
Request a DemoOverall Sentiment
extremely negative
Sentiment Score
-0.85
Ticker Sentiment
