Alert GCSA-25111 - Vulnerabilities in Supermicro BMC Firmware

******************************************************************
Alert ID: GCSA-25111
date: 25 September 2025
title: Vulnerabilities in Supermicro BMC Firmware
******************************************************************

:: Description of the problem

Two security vulnerabilities have been identified that affect the Supermicro Baseboard Management Controller (BMC). These bugs could potentially allow remote attackers to install malicious firmware.

CVE-2025-7937 (CVSS score: 6.6)
A crafted firmware image can bypass the Supermicro BMC firmware verification logic of Root of Trust (RoT) 1.0 to update the system firmware by redirecting the program to a fake "fwmap" table in the unsigned region.

CVE-2025-6198 (CVSS score: 6.4)
A crafted firmware image can bypass the Supermicro BMC firmware verification logic of the Signing Table to update the system firmware by redirecting the program to ...