Throughout this analysis, Binarly found a second vulnerability, CVE-2025-6198, regarding Supermicro’s X13SEM-F motherboard firmware, additionally rated as excessive severity with a CVSS rating of seven.2.
Whereas CVE-2025-7937 or CVE-2025-6198 would pose main safety dangers within the occasion attackers had been capable of exploit them, the caveat is that to take action the attackers would want to have established admin entry to the methods to work together with the firmware.
Which may make exploitation sound like a protracted shot — neither might be exploited remotely — however as numerous real-world assaults present, rogue admin entry and privilege elevation might be gained in a separate, oblique assault.
Incomplete repair
CVE-2025-7937 and CVE-2025-6198 uncovered totally different points with Supermicro’s validation logic, the checking course of that’s speculated to cease respectable firmware being changed with malicious code.
Binarly mentioned that the January flaw, CVE-2024-10237, made it potential to idiot the validation course of by including illicit entries to the firmware map desk (fwmap) in order that the rogue firmware matched the cryptographically signed worth.
Supermicro adjusted the validation checks to detect this, however via CVE-2025-7937, Binarly researchers had been capable of re-target the modified validation checking.
