Supermicro BMC security advisories November 2025

From Thomas-Krenn-Wiki

In November 2025, Supermicro published security advisories for its mainboards. Some of these security vulnerabilities require firmware updates.

In this article, you will find information on these security vulnerabilities and where to find updates for Thomas-Krenn products.

Security Advisories

| CVE | Risk potential | Title |
|---|---|---|
| CVE-2025-7623 | 5.4 (medium) | Stack-based buffer overflow (Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack-based buffer overflow via a manipulated SMASH command, overwrite the return address and registers, and thus execute potentially malicious code on the operating system of the BMC firmware.) |
| CVE-2025-8076 | 7.2 (high) | Stack-based buffer overflow (After logging in to the BMC web server, an attacker can use a specially crafted payload to trigger a stack-based buffer overflow.) |
| CVE-2025-8404 | 5.5 (medium) | Stack-based buffer overflow (Stack-based buffer overflow in the Supermicro BMC shared library. An authenticated attacker with access to the BMC can exploit a stack buffer overflow via a manipulated header and execute potentially malicious code on the operating system of the BMC firmware.) |
| CVE-2025-8727 | 7.2 (high) | Stack-based buffer overflow (After logging in to the BMC web server, an attacker can use a specially crafted payload to trigger a stack-based buffer overflow.) |

Updates for products of Thomas-Krenn

Updates for the corresponding system can be found in the download area of Thomas-Krenn. The updates in the download area have been tested by us to guarantee the stability and compatibility of our systems.

If you require the latest version for your system and it is not yet available in our download area, you can get it from Asus or Supermicro.

More information


Author: Thomas-Krenn.AG


Translator: Alina Ranzinger
