Experts warn Supermicro motherboards can be infected with "unremovable" new malware - here's what we know
Last year's fix wasn't good enough, Binarly says

- Binarly finds new Supermicro BMC flaws enabling persistent, unremovable malware installation
- Attackers can bypass previous patches and exploit firmware validation logic inconsistencies
- Researchers recommend hardware-backed Root of Trust and stricter firmware integrity checks
Motherboards built by Supermicro can be infected by “unremovable” malware, security experts from Binarly have said, in a recently published detailed analysis of two newly discovered vulnerabilities.
The vulnerabilities were found in Supermicro’s Baseboard Management Controller (BMC) firmware; they effectively revive a previously patched issue and expose critical weaknesses in the firmware’s validation process.
A Baseboard Management Controller (BMC) is a microcontroller built into server motherboards that enables out-of-band system management. It runs independently of the main CPU and allows admins to maintain servers remotely, even when they’re shut down. Earlier in 2025, a vulnerability tracked as CVE-2024-10237 was patched. The bug was a logic flaw in the image authentication design that allowed attackers to reflash the BMC SPI chip with malicious firmware.
Passing validation checks
Now, security researchers at Binarly have found a way to bypass this fix and still flash malicious firmware, gaining persistent control over BMC servers. The discovery resulted in two listed flaws: CVE-2025-7937 and CVE-2025-6198.
CVE-2025-7937 represents a bypass of the original patch, enabling attackers to exploit the same vulnerability through somewhat modified techniques. CVE-2025-6198, on the other hand, affects other Supermicro products and uses a distinct exploitation method to achieve similar results, including the ability to circumvent the Root of Trust (RoT) security feature.
Binarly says these vulnerabilities are particularly dangerous since they allow threat actors with admin access to upload specially crafted firmware images that pass validation checks, despite being malicious.
Once installed, the rogue firmware can provide full and persistent control over both the BMC and the host operating system, granting a level of access that’s difficult to detect and remove.
Binarly’s investigation revealed the firmware validation process across Supermicro devices typically involves three steps, but inconsistencies and flawed logic in implementation left room for exploitation.
As a result, Binarly is warning against relying exclusively on software-based validation mechanisms, and instead advises stronger protections such as hardware-backed RoT features and stricter integrity checks during firmware updates.
Via BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.