CVE-2025-7937

CVSS v2.0

9.0

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Supermicro BMC firmware versions (affected versions not specified)

Description An issue exists in the Supermicro BMC firmware validation logic on Supermicro MBD-X12STW. An attacker can update the system firmware with a specially crafted image. Exploitation of this issue may allow a remote attacker to install and execute a malformed BMC firmware update image, potentially creating persistent backdoors. The vulnerability relates to errors in the cryptographic signature verification process within the BMC web interface.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Verification of Cryptographic Signature

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-347

Related Identifiers

BDU:2025-12564

CVE-2025-7937

Affected Products

Supermicro Bmc Firmware

Supermicro Mbd-X12Stw

CVE-2025-7937

Weakness Enumeration

Related Identifiers

Affected Products

References · 25