heise PlusAbo
Anzeige

BIOS security vulnerability: Malware attacks on Dell servers possible

Various models of Dell's PowerEdge server line are vulnerable. Security patches are available.

listen Print view
A symbolic update button on a keyboard.

(Image: Artur Szczybylo/Shutterstock.com)

1 min. read
Security
By

Due to a BIOS vulnerability, attackers can attack Dell PowerEdge servers and completely compromise systems. So far, there are no reports that attackers are already exploiting the loophole. Admins should install the security updates promptly.

Videos by heise

In a warning message, Dell lists the affected PowerEdge server models. These include, for example, PowerEdge R770, PowerEdge M7725, and PowerEdge R750XA. The vulnerability (CVE-2025-42446 "high") is found in the BIOS developed by American Megatrends Inc. (AMI). Attackers can use this to initiate a malware attack in an unspecified way. Specifically, the SSM Module SmmWhea is affected. As can be seen from a post by AMI, the loophole has been known since May of this year. Why Dell is only now addressing the vulnerability is currently unknown.

Dell assures that firmwares 1.4.1, 1.5.3, 1.6.4, 1.10.3, 1.15.3, 1.19.2, 1.21.1, 2.19.1, 2.21.1, 2.4.0 and 2.8.2 are secured.

(des)

Don't miss any news – follow us on Facebook, LinkedIn or Mastodon.

This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.

Beliebte Bestenlisten

Alle Angebote
Newsletter heise-Bot heise-Bot Push Nachrichten Push Push-Nachrichten