Supermicro Devices Face Serious Security Threats: Binarly Discovers Two Critical Vulnerabilities
Supermicro devices, including AI data center infrastructure, face serious security threats. Binarly, a research organization, has discovered two critical vulnerabilities that provide 'unprecedented persistence', allowing attackers to install malicious code similar to that seen in the iLOBleed incident.
These vulnerabilities exploit weaknesses in the Baseboard Management Controller (BMC) firmware of Supermicro motherboards. They enable hackers to replace legitimate firmware images with malicious ones, bypassing detection systems. With administrative access to the BMC interface, or through a supply chain compromise, attackers can implant malware at the firmware level, where it runs before the operating system starts.
The two vulnerabilities, CVE-2025-7937 and CVE-2025-6198, are found in silicon chips integrated into motherboards. Binarly also identified an incomplete fix of a previous issue, CVE-2024-10237. Once installed, such malware is nearly impossible to remove because the infection sits so deep in the system.
Supermicro devices, widely used in data centers, are at risk due to these critical vulnerabilities. Binarly's discovery highlights the urgent need for robust security measures to protect against such deep-level firmware compromises. Users are advised to stay informed and follow Supermicro's guidance for mitigating these threats.