Vulnerability Disclosure:
The purpose of this disclosure is to communicate the potential vulnerabilities affecting Supermicro products that were reported by an external researcher.
Acknowledgement:
Supermicro would like to acknowledge the work done by Binarly researchers to discover potential vulnerabilities in Supermicro BMC Firmware.
Summary:
Two security issues have been discovered in select Supermicro boards. These issues may affect Supermicro BMC Firmware.
| CVE ID | Severity | Issue Type | Description |
|---|---|---|---|
| CVE-2025-12006 | High | Improper Verification of Cryptographic Signature | Vulnerability in the Supermicro BMC firmware authentication design, allowing a potential attacker to update the system firmware with a specially crafted image. CVSS: 7.2 High (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) |
| CVE-2025-12007 | High | Improper Verification of Cryptographic Signature | Vulnerability in the Supermicro BMC firmware authentication design, allowing a potential attacker to update the system firmware with a specially crafted image. CVSS: 7.2 High (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) |
Affected products:
CVE-2025-12006
| Motherboard | BMC FW Version with the Fix |
|---|---|
| MBD-X11DGQ | 3.77.17 |
| MBD-X11DPD-L | 3.77.17 |
| MBD-X11DPD-M25 | 3.77.17 |
| MBD-X11DPFF-SN | 3.77.17 |
| MBD-X11DPL-I | 3.77.17 |
| MBD-X11DPS-R | 3.77.17 |
| MBD-X11DPS-RE | 3.77.17 |
| MBD-X11DPT-L | 3.77.17 |
| MBD-X11DSC+ | 3.77.17 |
| MBD-X11DSF-E | 3.77.17 |
| MBD-X11DSF | 3.77.17 |
| MBD-X11SCW-F-AM047 | 3.77.17 |
| MBD-X11SCW-F-B | 3.77.17 |
| MBD-X11SCW-F-O | 3.77.17 |
| MBD-X11SCW-F | 3.77.17 |
| MBD-X11SRI-IF | 3.77.17 |
| MBD-B12DPT | 01.08.08 |
| MBD-B12SPE-CPU-TF | 01.08.08 |
| MBD-BH12SSI-M25 | 01.08.08 |
| MBD-X12DPD-A6M25 | 01.08.08 |
| MBD-X12DPT-B6 | 01.08.08 |
| MBD-X12DPT-B6S | 01.08.08 |
| MBD-X12DPTS6 | 01.08.08 |
| MBD-X12DPTT46 | 01.08.08 |
| MBD-X12DPTT6 | 01.08.08 |
| MBD-X12DPTT6S | 01.08.08 |
| MBD-X12SPTT | 01.08.08 |
| MBD-B12DPT-6 | 01.08.08 |
| MBD-H12SSFF-AN6 | 01.08.08 |
| MBD-X12DPG-OA6-GD2 | 01.08.08 |
| MBD-X12DPG-OA6 | 01.08.08 |
| MBD-X12DGQ-R | 01.08.07 |
| MBD-X12DPG-QR | 01.08.07 |
| MBD-B12DPE-6 | 01.08.08 |
| MBD-B12SPE-CPU-25G | 01.08.08 |
| MBD-X12STW-F | 01.08.08 |
| MBD-X12STW-TF | 01.08.08 |
| MBD-B3ST1-CPU-001 | 01.08.08 |
| MBD-X11DPFF-SNR | 1.01.27 |
CVE-2025-12007
| Motherboard | BMC FW Version with the Fix |
|---|---|
| MBD-X13DEM | 01.06.10 |
| MBD-X13DET-B | 01.06.10 |
| MBD-X13DSF-A | 01.06.10 |
| MBD-X13SEDW-F | 01.06.10 |
| MBD-X13SEED-F | 01.06.10 |
| MBD-X13SEED-SF | 01.06.10 |
| MBD-X13SEFR-A | 01.06.10 |
| MBD-X13SEM-F | 01.06.10 |
| MBD-X13SEM-TF | 01.06.10 |
| MBD-X13SETT | 01.06.10 |
| MBD-X13SEVR-SP13F | 01.06.10 |
| MBD-X13OEI-CPU | 01.06.10 |
| MBD-B13DEE | 01.06.10 |
| MBD-B13DET | 01.06.10 |
| MBD-B13SEE-CPU-25G | 01.06.10 |
| MBD-B13SEG | 01.06.10 |
| MBD-X13DEG-QT | 01.04.21 |
| MBD-X13QEH+ | 01.04.22 |
| MBD-X13SET-G | 01.04.22 |
| MBD-X13SET-GC | 01.04.22 |
| MBD-B4SA1-CPU | 01.06.10 |
| MBD-B4SC1-CPU | 01.06.10 |
| MBD-BH4SRG | 01.06.10 |
| MBD-H13QSH | 01.06.10 |
| MBD-H13SRH | 01.06.10 |
| MBD-H13SSF | 01.06.10 |
| MBD-H13SSH | 01.06.10 |
| MBD-G1SMH-G | 01.06.10 |
| MBD-G1SMH | 01.06.10 |
| MBD-X13DEH | 01.06.10 |
| MBD-X13SAW-F | 01.06.11 |
| MBD-X13SAW-TLN4F | 01.06.11 |
| MBD-X13SCW-F | 01.06.11 |
| MBD-X14DBM-AP | 01.04.00.07 |
| MBD-X14DBM-APL | 01.04.00.07 |
| MBD-X14DBM-SP | 01.04.00.07 |
| MBD-X14DBT-B | 01.04.00.07 |
| MBD-X14DBT-FAP | 01.04.00.07 |
| MBD-X14DBT-FLAP | 01.04.00.07 |
| MBD-X14QBH+ | 01.04.00.07 |
| MBD-X14SBH-AP | 01.04.00.07 |
| MBD-X14SBH | 01.04.00.07 |
| MBD-X14SBM-TF | 01.04.00.07 |
| MBD-X14SBM-TP4F | 01.04.00.07 |
| MBD-X14SDV-20C-SP3F | 01.04.00.07 |
| MBD-X14SDV-20C-SP9F | 01.04.00.07 |
| MBD-X14SDV-32C-SP3F | 01.04.00.07 |
| MBD-X14SDV-32C-SP9F | 01.04.00.07 |
| MBD-X14SDV-36C-SP3F | 01.04.00.07 |
| MBD-X14SDV-36C-SP9F | 01.04.00.07 |
| MBD-X14SDV-36CE-SP3F | 01.04.00.07 |
| MBD-X14SDV-36CE-SP9F | 01.04.00.07 |
| MBD-X14SDV-42C-SP3F | 01.04.00.07 |
| MBD-X14SDV-42C-SP9F | 01.04.00.07 |
| MBD-X14SDW-36C-SP9F | 01.04.00.07 |
| MBD-X14SDW-36CE-SP9F | 01.04.00.07 |
| MBD-X14SDW-40C-SP9F | 01.04.00.07 |
| MBD-X14SDW-42C-SP9F | 01.04.00.07 |
| MBD-X14SDW-64C-SP9F | 01.04.00.07 |
| MBD-X14SDW-64CM-SP9F | 01.04.00.07 |
| MBD-X14SDW-72C-SP9F | 01.04.00.07 |
| MBD-H13DSG-OM | 01.06.10 |
| MBD-B3SD1-20C-25G | 01.08.08 |
| MBD-X14SBHM | 01.04.00.07 |
| MBD-B14DBE-AP | 01.04.00.07 |
| MBD-B14DBE | 01.04.00.07 |
| MBD-B14DBT | 01.04.00.07 |
| MBD-B14SBE-CPU-25G | 01.04.00.07 |
| MBD-B14SBE-CPU-AP | 01.04.00.07 |
| MBD-X14DBG-GD | 01.04.00.07 |
| MBD-X14DBG-XAP | 01.04.00.07 |
| MBD-X14SBT-G | 01.04.00.07 |
| MBD-X14SBT-GAP | 01.04.00.07 |
| MBD-H14DSH-TI036 | 01.04.00.07 |
| MBD-H14DST-F | 01.04.00.07 |
| MBD-H14DSG-OD | 01.04.00.07 |
| MBD-H14DSG-OM | 01.04.00.07 |
| MBD-G2DMH-GI | 01.04.00.07 |
| MBD-X14DBG-MAP | 01.04.00.07 |
| MBD-X14SBGM | 01.04.00.07 |
| MBD-X14DBG-LC+ | 01.04.00.07 |
| MBD-X14DBG-LC | 01.04.00.07 |
| MBM-CMM-6-01-FI005 | 01.08.07 |
| MBB-CMM-6 | 01.08.07 |
| MBM-CMM-6-01-HN004 | N/A |
| MBM-CMM-6 | N/A |
| MBM-CMM-6-IN001 | N/A |
Please note: special BMC Firmware installation handling may be required.
Follow the Release Notes for upgrade steps and verify your motherboard and firmware versions. Some platforms may require transition firmware before applying fixes for CVE-2025-12006 and CVE-2025-12007. The transition firmware should be included in the package and should only be used for upgrading. For questions, contact Supermicro Technical Support.
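A fleet check against the tables above, as an added example that is not Supermicro's code: it carries a few rows copied from the advisory and a constructed inventory, and it assumes that dotted version fields compare numerically, so `01.08.08` equals `1.8.8`. The function names, host names and status labels are hypothetical, and board IDs are assumed to be recorded in the advisory's SKU form.

```python
# Subset of the advisory's tables: board SKU -> (CVE, BMC FW version with the fix).
FIXED = {
    "MBD-X11DPL-I": ("CVE-2025-12006", "3.77.17"),
    "MBD-X12STW-F": ("CVE-2025-12006", "01.08.08"),
    "MBD-X13DEM": ("CVE-2025-12007", "01.06.10"),
    "MBD-X14SBH": ("CVE-2025-12007", "01.04.00.07"),
    "MBM-CMM-6": ("CVE-2025-12007", "N/A"),
}


def parse_version(text):
    """Split a dotted version into integers: '01.08.08' -> (1, 8, 8)."""
    return tuple(int(part) for part in text.strip().split("."))


def pad(a, b):
    """Right-pad the shorter tuple with zeros so 3- and 4-field versions compare."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


def assess(board, installed):
    """Return (status, cve) for one board and its installed BMC FW version."""
    entry = FIXED.get(board.strip().upper())
    if entry is None:
        return "not-listed", None          # board is not in this subset
    cve, fixed = entry
    if fixed == "N/A":
        return "no-fix-listed", cve        # advisory gives no fixed version
    try:
        have, need = pad(parse_version(installed), parse_version(fixed))
    except ValueError:
        return "unparseable", cve          # do not guess; flag for manual review
    # Assumption: numeric, field-by-field ordering of version components.
    return ("at-or-above-fix" if have >= need else "needs-update"), cve


# Constructed inventory: (host, board SKU, installed BMC FW version).
INVENTORY = [
    ("rack1-n01", "MBD-X11DPL-I", "3.77.16"),
    ("rack1-n02", "mbd-x12stw-f", "1.8.8"),
    ("rack2-n01", "MBD-X14SBH", "01.04.00"),
    ("rack2-n02", "MBD-X13DEM", "unknown"),
    ("rack3-cmm", "MBM-CMM-6", "01.08.07"),
]


def triage(inventory):
    """Map each host to its (status, cve) pair."""
    return {host: assess(board, version) for host, board, version in inventory}


if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(host, *result)
```

A `needs-update` result only says the installed version is below the listed fix; the Release Notes still decide whether transition firmware has to be applied first.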
Remediation:
All affected Supermicro motherboard SKUs will require a BMC update to mitigate these potential vulnerabilities.
Updated BMC firmware has been created to mitigate these potential vulnerabilities. Supermicro is currently testing and validating affected products. Please check the Release Notes for the resolution.
Exploitation and Public Announcements:
Supermicro is not aware of any malicious use of these vulnerabilities in the wild.