wikiSecurity Advisories for Supermicro BMC
In September 2025 , Supermicro published security advisories for the BMC firmware of their mainboards. Some of these security advisories require Firmware Updates.
In this article, you will find hints on these security advisories as well as information on where to find updates for products of Thomas-Krenn.
Security Advisories
| Intel Security Advisory | title |
|---|---|
| CVE-2025-7937 | Improper Verification of Cryptographic Signature (A manipulated firmware image can bypass Supermicro's RoT 1.0 BMC firmware verification logic to update the system firmware.
The manipulated image has a customized RoT 1.0 PDBA table to redirect the program to the fake PDBA table in the unsigned area..) |
| CVE-2025-6198 | Improper Verification of Cryptographic Signature (A manipulated firmware image can bypass Supermicro´s BMC firmware verification logic for checking the signature table in order to update the system firmware.
The manipulated image has a customized signature table to redirect the program to the fake signature table in the unsigned area.) |
Updates for products of Thomas-Krenn
Updates for the corresponding system can be found in the download area of Thomas-Krenn. The updates in the download area have been tested by us to guarantee the stability and compatibility of our systems.
If you require the latest version for your system and it is not yet available in our download area, you can get it at Asus or Supermicro.
More information
- Vulnerabilities in Supermicro BMC firmware, September 2025
- Countless server mainboards susceptible for firmware backdoors (golem.de, 25.09.2025)
- Attackers can anchor rear doors on servers with Supermicro boards (heise.de, 26.09.2025]
 |
Author: Thomas-Krenn.AG At Thomas-Krenn.AG we pay attention to the best possible service. To do justice to this, we have created our Thomas-Krenn Wiki. Here we share our knowledge with you and inform you about basics and news from the IT world. You like our knowledge culture and want to become part of the team? Visit our job offers.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
