• Hello and welcome! Register to enjoy full access and benefits:

    • Advertise in the Marketplace section for free.
    • Get more visibility with a signature link.
    • Company/website listings.
    • Ask & answer queries.
    • Much more...

    Register here or log in if you're already a member.

  • 🎉 WHV has crossed 14,000 monthly views and 157,000 clicks per month, as per Google Analytics! Thank you for your support! 🎉

Security Alert: Attackers Exploit BMC Firmware Bugs to Bypass Signature Verification

johny899

johny899

New Member
Content Writer
Messages
371
Reaction score
3
Points
23
Balance
$398.4USD
Can you even imagine that your server could ever have its firmware hacked?! Just recently, researchers have found that bugs and exploits in Baseboard Controller Management (BMC) firmware gave attackers the ability to install services and trigger a malicious update—all while going completely unnoticed. The thought crossed my mind, “That’s literally a secret backdoor into a locked house!”

The Issues​

BMC firmware generally features some checks & balances by employing digital signatures for updates. In Supermicro BMCs, however, an attacker could exploit a couple of software bugs—or more aptly described as clever bypasses—to compromise those controls. Here is the short version:

CVEs-2025-7937: Patch Bypass

An adversary can modify the bootloader and make the BMC execute their code even after successfully installing a security patch. The adversary does not know that they are running malware and there is no apparent sign of abnormality on the BMC.

CVE-2025-6198: Signature Table Trick

Certain hackers will create a vulnerability in the signature table by splitting firmware into sections and then convincing the system everything is normal. This results in code that remains opaque during the boot process.

The Importance of It​

These vulnerabilities show that it is not enough to only check the integrity of your bootloader. Attackers can also embed themselves in other parts of the firmware and take over the system. Even the most diligent system administrators may fall victim to this.

How to Protect Your Servers​

Are you wondering what steps you can take to stay secure? One way to lower your risks is by following these recommendations:

  • Make sure to update the firmware when new releases become available.
  • When using the firmware, validate the SHA-256 hashes to make sure the files are valid.
  • Enable hardware security features such as Root of Trust.
  • Monitor the processes running on the BMC and conduct security checking as a regular part of your operations.
Alternatively, you can monitor your firmware with Binarly Transparency Platform to potentially catch unknow problems before they escalate into a problem.

Conclusion​

BMC firmware problems may not seem serious, but they are. If you maintain or operate servers, know what systems you have and lock them down. Like your home—you don't just lock your front door.
 
You must log in or register to reply here.

Support / Help Desk

Blog - (WHV)

Hosting Reviews

Navigation

  1. WHV Forums
    1. WHV - Announcements
    2. General Discussion
    3. Introduction
    4. Web Hosting Forum
    5. Help
    6. News
  2. Marketplace
    1. VPS Offers
    2. Dedicated Server Offers
    3. Shared Hosting Offers
    4. Reseller Hosting Offers
    5. Other Offers (Not Hosting)
    6. Domains
  3. Web Hosting Discussion
    1. Hosting Software & Control Panels
    2. Other Hosting Tutorials
    3. Reviews
    4. Articles
    5. Offtopic
  4. Web Hosting Tutorials
    1. cPanel Tutorials
    2. WHM Reseller Tutorials
    3. DirectAdmin Tutorials
    4. Blesta Tutorials
    5. WHMCS Tutorials
  5. Hosting Extensions
    1. WHMCS Market
    2. Blesta Market
    3. HostBill Market
Top