
New Supermicro BMC vulnerabilities open servers to malicious assaults on firmware

During this analysis, Binarly found a second vulnerability, CVE-2025-6198, affecting Supermicro's X13SEM-F motherboard firmware, also rated high severity with a CVSS score of 7.2.

While CVE-2025-7937 or CVE-2025-6198 would pose major security risks if attackers were able to exploit them, the caveat is that to do so the attackers would first need to have established admin access to the systems in order to interact with the firmware.

That may make exploitation sound like a long shot, since neither can be exploited remotely, but as numerous real-world attacks show, rogue admin access and privilege elevation can be gained in a separate, indirect attack.

Incomplete fix

CVE-2025-7937 and CVE-2025-6198 exposed different issues with Supermicro's validation logic, the checking process that is supposed to stop legitimate firmware from being replaced with malicious code.

Binarly said that the January flaw, CVE-2024-10237, made it possible to fool the validation process by adding illicit entries to the firmware map table (fwmap) so that the rogue firmware matched the cryptographically signed value.


Supermicro adjusted the validation checks to detect this, but through CVE-2025-7937, Binarly researchers were able to circumvent the modified validation check as well.
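To illustrate the class of design flaw described above, here is an added toy model (not Supermicro's code, not the real fwmap format, and not taken from Binarly's report) of a verifier that hashes only the regions an unauthenticated map lists, beside a version that signs the map itself. The signing key, image bytes and map layout are all constructed for the demo, and HMAC stands in for the vendor's asymmetric signature.

```python
import hashlib
import hmac
import struct

# Constructed demo key standing in for the vendor's signing key. Real BMC
# firmware uses an asymmetric signature; HMAC keeps this example self-contained.
DEMO_KEY = b"demo-vendor-signing-key"


def serialize_map(fwmap):
    """Pack a list of (offset, length) entries into bytes (hypothetical layout)."""
    return b"".join(struct.pack("<II", off, ln) for off, ln in fwmap)


def mapped_digest(body, fwmap):
    """SHA-256 over only the regions the map lists, in map order."""
    h = hashlib.sha256()
    for off, ln in fwmap:
        h.update(body[off:off + ln])
    return h.digest()


def sign_weak(body, fwmap):
    # Weak design: signs the digest of the mapped regions, but the map that
    # chooses those regions is itself unauthenticated.
    return hmac.new(DEMO_KEY, mapped_digest(body, fwmap), hashlib.sha256).digest()


def verify_weak(body, fwmap, sig):
    return hmac.compare_digest(sign_weak(body, fwmap), sig)


def sign_hardened(body, fwmap):
    # Hardened design: the map is part of the signed data, so adding or moving
    # an entry invalidates the signature. A complete fix would also pin which
    # regions must be covered (at minimum the region the BMC boots from).
    signed = serialize_map(fwmap) + mapped_digest(body, fwmap)
    return hmac.new(DEMO_KEY, signed, hashlib.sha256).digest()


def verify_hardened(body, fwmap, sig):
    return hmac.compare_digest(sign_hardened(body, fwmap), sig)


def demo():
    """Constructed image: 64 bytes of 'code' at offset 0, and a map saying so."""
    code = b"GENUINE-BMC-CODE".ljust(64, b"\0")
    fwmap = [(0, 64)]
    sig_weak, sig_hard = sign_weak(code, fwmap), sign_hardened(code, fwmap)
    # Modified image: different bytes at offset 0 (what would actually run), the
    # genuine bytes parked after them, and the map repointed at that copy.
    modified = b"REPLACED-CODE!!!".ljust(64, b"\0") + code
    moved_map = [(64, 64)]
    return {
        "weak_accepts_modified": verify_weak(modified, moved_map, sig_weak),
        "hardened_rejects_modified": not verify_hardened(modified, moved_map, sig_hard),
        "hardened_accepts_genuine": verify_hardened(code, fwmap, sig_hard),
    }
```

Running `demo()` shows the weak verifier accepting the modified image because the bytes it hashes are unchanged, while the hardened verifier rejects it because the map itself no longer matches the signed one.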
