Critical Flaws in Supermicro BMC Enable Irreversible AI Server Rootkits Below the OS Level
Supermicro server motherboards carry critical vulnerabilities in their Baseboard Management Controller (BMC). Researchers at Binarly found a way to flash malicious firmware that runs before the operating system and that ordinary remediation, such as reinstalling the OS or swapping drives, does not remove. One flaw is reported to stem from an incomplete earlier patch; the other lies deeper and gives an attacker an equally persistent but more robust foothold in the infrastructure, including data centers that host AI workloads.
On Supermicro boards the BMC handles remote administration, temperature monitoring, fan control, and reflashing of the host UEFI firmware that boots the OS. The two vulnerabilities, CVE-2025-7937 and CVE-2025-6198, let an attacker flash a modified firmware image that still passes signature verification: the image itself carries the table that tells the verifier which regions are signed, so an attacker can rewrite that table and the regions it points to, including the one holding the bootloader, without invalidating the existing signature.
The technique echoes the iLOBleed rootkit case: an implant in BMC flash survives OS reinstalls and drive replacements, so the standard remediation playbook never reaches it. According to Binarly, exploitation can proceed in two ways: by first gaining control of the BMC's administrative interface through other vulnerabilities, or through a supply-chain compromise in which servers receive apparently legitimate updates that contain tampered images.
In the first case, an attacker who already controls the BMC interface only has to push an update containing the malicious image; in the second, an administrator installs a seemingly trusted update remotely and the BMC's verification fails to reject it.
The root of the problem is the image-verification logic and the firmware map (fwmap) that lists the addresses of the signed regions. With its January patch, Supermicro added checks that closed the exploit at one memory offset, but Binarly found a bypass through a different offset and showed that the region holding the original bootloader can be replaced with arbitrary code. That raises the impact beyond persistence: the attacker controls the BMC from the first code it runs, before the OS or the host firmware has started.
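To make the mechanism concrete, here is an added, constructed illustration of the bug class. It is not Binarly's proof of concept and not Supermicro's real image format (whose offsets, table layout and signature scheme differ): a toy image whose own fwmap tells the verifier which byte ranges the signature covers. HMAC-SHA256 under a hypothetical key stands in for the vendor's asymmetric signature, and every layout constant is an assumption. The attacker keeps the original signature, stashes pristine copies of each signed region in unsigned free space, points the live fwmap at the copies and overwrites the live bootloader. A verifier that trusts the in-image map hashes the copies and passes; a verifier that pins the covered regions itself rejects the image. Note that signing the fwmap region does not help on its own, because the attacker relocates that region too.

```python
import hashlib
import hmac
import struct

# Constructed toy image layout, for illustration only. It is not Supermicro's
# real BMC image format, and HMAC-SHA256 under a hypothetical key stands in for
# the vendor's asymmetric signature.
#   bytes 0..3     magic
#   bytes 4..7     number of fwmap entries (uint32, little-endian)
#   bytes 8..23    fwmap: entries of (offset uint32, length uint32)
#   bytes 64..95   bootloader, executed from this fixed offset
#   last 32 bytes  tag over the regions the fwmap lists
MAGIC = b"TOYF"
HEADER_FMT = "<4sI"
ENTRY_FMT = "<II"
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)
FWMAP_OFF = struct.calcsize(HEADER_FMT)
TAG_LEN = 32
FWMAP_REGION = (0, FWMAP_OFF + 2 * ENTRY_SIZE)   # header + map: (0, 24)
BOOTLOADER_REGION = (64, 32)
REQUIRED_REGIONS = [FWMAP_REGION, BOOTLOADER_REGION]
IMAGE_BODY_LEN = 192                              # unsigned free space follows the bootloader
SIGNING_KEY = b"hypothetical-vendor-key"          # assumption: symmetric stand-in


def tag_over(body, regions):
    """Tag the concatenation of the given (offset, length) slices of the body."""
    mac = hmac.new(SIGNING_KEY, digestmod=hashlib.sha256)
    for off, length in regions:
        mac.update(body[off:off + length])
    return mac.digest()


def parse_fwmap(body):
    """Read the region table that the image carries about itself."""
    magic, count = struct.unpack_from(HEADER_FMT, body, 0)
    if magic != MAGIC:
        raise ValueError("bad magic")
    return [struct.unpack_from(ENTRY_FMT, body, FWMAP_OFF + i * ENTRY_SIZE)
            for i in range(count)]


def build_signed_image(bootloader):
    """Vendor side: lay out the body, write the fwmap, sign the listed regions."""
    b_off, b_len = BOOTLOADER_REGION
    body = bytearray(IMAGE_BODY_LEN)
    struct.pack_into(HEADER_FMT, body, 0, MAGIC, len(REQUIRED_REGIONS))
    for i, (off, length) in enumerate(REQUIRED_REGIONS):
        struct.pack_into(ENTRY_FMT, body, FWMAP_OFF + i * ENTRY_SIZE, off, length)
    body[b_off:b_off + b_len] = bootloader.ljust(b_len, b"\0")[:b_len]
    return bytes(body) + tag_over(body, REQUIRED_REGIONS)


def verify_trusting_fwmap(image):
    """Vulnerable pattern: the image itself decides which bytes the tag covers."""
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    return hmac.compare_digest(tag_over(body, parse_fwmap(body)), tag)


def verify_pinned_regions(image):
    """Hardened: the verifier pins the covered regions from its own constants.
    The in-image map must agree but is never used to decide what gets hashed."""
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    if parse_fwmap(body) != REQUIRED_REGIONS:
        return False
    return hmac.compare_digest(tag_over(body, REQUIRED_REGIONS), tag)


def redirect_fwmap_attack(image, payload):
    """Attacker: keep the original tag, copy every signed region (including the
    fwmap itself) into unsigned free space, point the live fwmap entries at the
    copies, then overwrite the live bootloader at its fixed execution offset."""
    body, tag = bytearray(image[:-TAG_LEN]), image[-TAG_LEN:]
    free = BOOTLOADER_REGION[0] + BOOTLOADER_REGION[1]   # first unsigned byte (96)
    for i, (off, length) in enumerate(REQUIRED_REGIONS):
        body[free:free + length] = body[off:off + length]   # pristine copy, taken before the entry changes
        struct.pack_into(ENTRY_FMT, body, FWMAP_OFF + i * ENTRY_SIZE, free, length)
        free += length
    b_off, b_len = BOOTLOADER_REGION
    body[b_off:b_off + b_len] = payload.ljust(b_len, b"\0")[:b_len]
    return bytes(body) + tag


def bootloader_that_runs(image):
    """What the BMC actually executes: the bytes at the fixed bootloader offset."""
    off, length = BOOTLOADER_REGION
    return image[off:off + length]


if __name__ == "__main__":
    good = build_signed_image(b"ORIGINAL-BOOTLOADER")
    evil = redirect_fwmap_attack(good, b"ATTACKER-IMPLANT")
    print("trusting verifier accepts tampered image:", verify_trusting_fwmap(evil))
    print("pinned verifier accepts tampered image:  ", verify_pinned_regions(evil))
    print("code that runs:", bootloader_that_runs(evil).rstrip(b"\0"))
```

The tampered image carries the vendor's untouched tag, yet the bytes at the execution offset are the attacker's. A patch that only validates the map entry at the one offset the first exploit used, rather than pinning every covered region in the verifier, still leaves the image in control of what is hashed and invites a bypass through another offset.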
Supermicro has announced BMC firmware updates and is testing affected products, and it urges customers to check the release notes to confirm that their platform has been fixed. Binarly, however, reported that fixes were not immediately available on the vendor's site and warned that a correct remediation does not look trivial and will take time.
Exploitation of these flaws threatens both enterprise clusters and large compute farms. Administrators should check BMC firmware versions against the vendor's fixed releases, obtain update images only through verified vendor channels and validate them before flashing, and keep BMC management interfaces off networks an attacker can reach. Host-side tools cannot see into BMC flash, so a suspected compromise has to be dealt with at the BMC level rather than by rebuilding the host.