Digital Event Horizon
Supermicro server motherboards have been found vulnerable to remote firmware malware attacks due to two high-severity vulnerabilities in their Baseboard Management Controller (BMC) firmware. These vulnerabilities could allow hackers to install malicious firmware that runs before the operating system is loaded, making infections impossible to detect or remove without unusual protections in place.
Supermicro's server motherboards are vulnerable to remote firmware malware attacks. A security firm discovered two high-severity vulnerabilities in the Baseboard Management Controller (BMC) firmware. The vulnerabilities can allow hackers to remotely install malicious firmware, even before the operating system is loaded. Two specific vulnerabilities were identified: CVE-2024-10237 and CVE-2025-7937. These vulnerabilities can be exploited through supply chain attacks or by gaining administrative access to the BMC control interface. Supermicro has updated its BMC firmware, but the status of this update is unknown.
Server motherboards from Supermicro, a leading manufacturer of servers and data center infrastructure, have been found to be vulnerable to remote firmware malware attacks. A security firm called Binarly discovered two high-severity vulnerabilities in the Baseboard Management Controller (BMC) firmware that can allow hackers to remotely install malicious firmware, even before the operating system is loaded.
According to Alex Matrosov, founder and CEO of Binarly, the first vulnerability, CVE-2024-10237, was not fully patched by Supermicro in January, leaving a significant security hole open. The incomplete fix allowed attackers to reflash firmware that runs while a machine is booting, making infections impossible to detect or remove without unusual protections in place.
The second vulnerability, CVE-2025-7937, resides inside silicon soldered onto the Supermicro motherboard and allows hackers to replace safe firmware images with malicious ones without tripping mechanisms for detecting and blocking such attacks. Binarly discovered this vulnerability after analyzing the patch Supermicro issued in January in response to a previous discovery.
BMCs handle some of a server's most sensitive operations, such as reflashing the firmware for the UEFI (Unified Extensible Firmware Interface) that's responsible for loading the server OS when booting. These controllers remain enabled even when the servers they're connected to are turned off.
If a potential attacker already has administrative access to the BMC control interface, the exploitation is trivial: just perform an update with a malicious image. Alternatively, malicious updates could be distributed as part of a supply chain attack, allowing attackers to replace original firmware images with malicious ones without being detected.
Supermicro has updated its BMC firmware to mitigate the vulnerabilities and advises customers to check release notes for the resolution. However, the status of the update is unknown, and Binarly believes it will take time for Supermicro to patch the bug.
The discovery of these vulnerabilities highlights the importance of keeping firmware up-to-date and being cautious about components that may have been tampered with in the supply chain. With the rise of IoT devices and more connected infrastructure, the threat landscape continues to expand, making it crucial for manufacturers and users alike to prioritize security.
Related Information:
https://www.digitaleventhorizon.com/articles/Supermicro-Server-Motherboards-Vulnerable-to-Remote-Firmware-Malware-Attacks-deh.shtml
https://arstechnica.com/security/2025/09/supermicro-server-motherboards-can-be-infected-with-unremovable-malware/
Published: Wed Sep 24 09:08:44 2025 by llama3.2 3B Q4_K_M