Supermicro has fixed a flaw that bypasses a previous patch for a high-severity Baseboard Management Controller (BMC) firmware image authentication vulnerability.

The underlying vulnerability involves manipulation of fwmap, a table included in an uploaded firmware image that identifies the offset location, size, attributes and signature status of each firmware region.

The Supermicro BMC firmware authentication logic relies on fwmap to determine which image regions it uses to generate a hash digest; using its public key, the device can determine whether the image’s digital signature was produced by the vendor’s private key over the same digest, verifying the integrity of the image.

The original flaw, CVE-2024-10237, could have enabled an attacker to tamper with the firmware image while still passing authentication by copying the valid signed regions to new offset locations, altering fwmap to point to these new locations and adding custom content in the old locations.

Supermicro patched this flaw by adding two new check functions, fwmap_offset_check and fwmap_attr_check, which enforce “whitelists” of offsets and attributes that can be marked as signed in fwmap entries.

However, the Binarly Research Team found that they could bypass this fix by inserting a new custom fwmap table before the original one.

This new fwmap contains a single entry labeled “bootloader” that points to an allowed offset containing concatenated copies of all the legitimately signed regions. Because the entry uses a whitelisted attribute and offset, it passes both checks, and the verifier calculates a digest that matches the existing signature. The attacker can then insert their own custom content at the original bootloader location at the start of the image.
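
Why the relocation described above still verifies, shown as an added toy model (not Supermicro's or Binarly's code; the table layout, region contents and the layout-bound digest are assumptions made for illustration): a digest computed only over region bytes does not depend on where those bytes sit, while one that also covers each entry's name, offset and size does.

```python
import hashlib

# Toy model, constructed for illustration: a table entry is
# (name, offset, size, signed). Signature verification is reduced to
# comparing against the digest the vendor signed (an assumption).

def content_only_digest(image, table):
    """Hash only the bytes of signed regions; their position is not covered."""
    h = hashlib.sha256()
    for _name, off, size, signed in table:
        if signed:
            h.update(image[off:off + size])
    return h.digest()

def layout_bound_digest(image, table):
    """Also hash each signed entry's name, offset and size."""
    h = hashlib.sha256()
    for name, off, size, signed in table:
        if signed:
            h.update(name.encode() + b"\x00")
            h.update(off.to_bytes(8, "little") + size.to_bytes(8, "little"))
            h.update(image[off:off + size])
    return h.digest()

def compare():
    boot, kernel = b"B" * 16, b"K" * 16            # constructed region contents
    original = boot + kernel + b"\x00" * 32
    orig_table = [("bootloader", 0, 16, True), ("kernel", 16, 16, True)]
    # Same signed bytes, concatenated at offset 32 under a single entry;
    # offset 0 now holds different, unsigned data.
    relocated = b"X" * 16 + kernel + boot + kernel
    reloc_table = [("bootloader", 32, 32, True)]

    results = {}
    for label, fn in (("content_only", content_only_digest),
                      ("layout_bound", layout_bound_digest)):
        signed_digest = fn(original, orig_table)   # what the vendor signed
        results[label + "_accepts_original"] = fn(original, orig_table) == signed_digest
        results[label + "_accepts_relocated"] = fn(relocated, reloc_table) == signed_digest
    return results

if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

Binding the layout into the signed digest is one general design option for table-driven verifiers; the page does not describe how Supermicro's fixed firmware addresses the bypass.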

Supermicro has since fixed this bypass flaw, with all affected motherboards and fixed firmware versions listed in its September 2025 advisory.

Binarly also discovered a similar flaw affecting additional products, tracked as CVE-2025-6198, which bypasses the BMC firmware Root of Trust (RoT) feature and makes it possible to manipulate the firmware image while passing authentication through alterations to sig_table, a counterpart of fwmap. The researchers noted this flaw also made it possible to downgrade the BMC firmware version on the X13SEM-F motherboard. Affected motherboards and fixed versions for CVE-2025-6198 are also included in Supermicro’s September advisory.

To help ensure the integrity of firmware updates, Binarly recommends users always keep their firmware updated to the latest version and only obtain firmware images from the official vendor website rather than third-party sources or repositories. Organizations should also continuously monitor for unusual BMC behavior and conduct regular security audits of their BMC infrastructure.