Cybersecurity researchers disclosed two critical vulnerabilities (CVE-2025-7937 and CVE-2025-6198) in Supermicro’s Baseboard Management Controller (BMC) firmware, stemming from improper cryptographic signature verification. These flaws allow attackers to bypass the Root of Trust (RoT) 1.0 and Signing Table validation mechanisms, enabling the deployment of malicious firmware updates via manipulated 'fwmap' or 'sig_table' entries. Exploitation could grant adversaries persistent, full control over the BMC and the host server’s OS, undermining the entire system’s integrity.The vulnerabilities build upon prior flaws (e.g., CVE-2024-10237), which Supermicro’s patches failed to fully mitigate. Researchers demonstrated that attackers could insert custom firmware regions, relocate signed content to unused memory, and maintain valid cryptographic hashes—effectively tricking the system into accepting malicious updates. Worse, CVE-2025-6198 bypasses hardware RoT protections, meaning a leaked signing key could compromise Supermicro’s entire ecosystem. Given the BMC’s role in managing servers (including those in data centers, cloud infrastructure, and critical enterprises), successful exploitation risks large-scale supply chain attacks, enabling lateral movement, data theft, or sabotage across dependent organizations.The flaws highlight systemic risks in firmware security, particularly the reuse of cryptographic keys (e.g., past incidents like PKfail or Intel Boot Guard leaks), which could amplify the attack’s reach. While no active exploitation has been reported, the potential for persistent, stealthy compromise of enterprise hardware poses severe operational and reputational threats to Supermicro and its customers.