Alert GCSA-25111 - Vulnerabilities in Supermicro BMC Firmware
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
******************************************************************
alert ID: GCSA-25111
date: 25 September 2025
title: Vulnerabilities in Supermicro BMC Firmware
******************************************************************
:: Problem description
Two security vulnerabilities have been identified that affect
the Supermicro Baseboard Management Controller (BMC).
These bugs could potentially allow remote attackers
to install malicious firmware.
CVE-2025-7937 (CVSS score: 6.6)
A crafted firmware image can bypass the Supermicro BMC firmware verification logic of
Root of Trust (RoT) 1.0 to update the system firmware by redirecting the program to
a fake "fwmap" table in the unsigned region.
CVE-2025-6198 (CVSS score: 6.4)
A crafted firmware image can bypass the Supermicro BMC firmware verification logic of
the...