Attackers can embed backdoors on servers with Supermicro boards
Security researchers have bypassed a patch and discovered a new vulnerability in the BMC of Supermicro hardware. Security updates are available.
Server motherboards and data center hardware from Supermicro are vulnerable. After successful attacks, attackers can gain permanent access via a backdoor. Admins should secure their instances promptly.
Incomplete patch
According to an article, security researchers from Binarly have discovered two security vulnerabilities (CVE-2025-7937 “high”, CVE-2025-6198 “high”). In both cases, attackers can bypass security checks of the Baseboard Management Controller (BMC) and install firmware images prepared with malicious code. Systems are then completely and permanently compromised.
Supermicro lists the vulnerabilities, the affected motherboards, and the security updates in a security advisory. In the article, they state that they have not yet discovered any evidence of ongoing attacks.
The first vulnerability goes back to an earlier one (CVE-2025-10237 “high”) from the beginning of this year. The security researchers say they found that the patch for it was incomplete and that they were able to bypass the protection. The second vulnerability was newly discovered.
Background
Because of flaws in the validation of firmware images, it is still possible to add malicious code to images without triggering the security checks. According to the security researchers, the BMC classifies manipulated images as correctly signed and valid and installs them.
By successfully exploiting the new vulnerability, attackers can also bypass the BMC security function Root of Trust (RoT). This checks whether the firmware is legitimate when booting. The security researchers explain how this works in detail in an article.
(des)