CVE-2025-6198
An attacker could trick the BMC administrator to update the BMC system with a custom image containing malicious content. This would result in the complete compromise of the BMC system, also providing access to the main host OS. It would also allow the attacker to make the attack persistent during a BMC component reboot and perform lateral movement within the compromised infrastructure, infecting other endpoints.
The auth_bmc_sig function parses the sig_table section of the uploaded BMC firmware, which contains information about the signed regions of the image:
offset: 0x0000000, size: 0x0100000 – bootloader
offset: 0x0100000, size: 0x0001000 – sig_table
offset: 0x0110000, size: 0x0010000 – pdb_seca
offset: 0x0130000, size: 0x03e9e00 – kernel
offset: 0x0630000, size: 0x2000000 – rootFS (1st part)
offset: 0x2630000, size: 0x064a080 – rootFS (2nd part)
The firmware validation process calculates the SHA512 digest of these regions and compares it with the RSA4096-signed value stored in the firmware image. Because all the regions used for the digest calculation are defined in the uploaded image itself (in the sig_table), it is possible to modify the sig_table (along with other parts of the firmware image, for example the kernel) and move the original data into unused space in the firmware. The bytes covered by the digest are then still the original ones, so the digest still matches the original signed value.
For example, it is possible to modify 0x200 bytes of the kernel region at offset 0x1c5600, and then update sig_table with the following entries:
offset: 0x0000000, size: 0x0100000 – bootloader
offset: 0x0101000, size: 0x0001000 – sig_table (original)
offset: 0x0110000, size: 0x0010000 – pdb_seca
offset: 0x0130000, size: 0x0095600 – kernel (before custom content)
offset: 0x0102000, size: 0x0000200 – kernel (original data that was replaced with custom content)
offset: 0x01c5800, size: 0x0354600 – kernel (after custom content)
offset: 0x0630000, size: 0x2000000 – rootFS (1st part)
offset: 0x2630000, size: 0x064a080 – rootFS (2nd part)
We were able to validate this technique on a device, and it resulted in execution of a customized Linux kernel during boot, which effectively allowed us to bypass the BMC RoT feature.
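As an added illustration (not Binarly's or Supermicro's code), the following Python models the verification pattern described above on a constructed toy image: a verifier that trusts a region table carried inside the image accepts the relocated data, while one that pins the layout to a verifier-side constant rejects it. The toy layout, the region sizes and the use of a bare SHA-512 digest in place of the RSA-4096 signature are simplifications assumed for the example.

```python
import hashlib
from typing import List, Tuple

Region = Tuple[int, int]  # (offset, size) of one signed region, as in sig_table

# Constructed toy layout (assumption, not the real X13 image): bootloader, kernel, unused space.
LAYOUT: List[Region] = [(0x000, 0x100), (0x200, 0x400)]
IMAGE_SIZE = 0x1000

def build_image() -> bytes:
    """Deterministic sample image: 0x600 bytes of content followed by unused zero-filled space."""
    return bytes(range(256)) * 6 + bytes(IMAGE_SIZE - 0x600)

def digest_regions(image: bytes, table: List[Region]) -> bytes:
    """SHA-512 over the listed regions, concatenated in table order."""
    h = hashlib.sha512()
    for off, size in table:
        h.update(image[off:off + size])
    return h.digest()

def verify_weak(image: bytes, table: List[Region], signed: bytes) -> bool:
    """Vulnerable pattern: the region table is read from the uploaded image and trusted."""
    return digest_regions(image, table) == signed

def verify_fixed_layout(image: bytes, table: List[Region], signed: bytes) -> bool:
    """Hardened pattern: the layout is a verifier-side constant, so the table cannot redirect the digest."""
    return table == LAYOUT and digest_regions(image, table) == signed

def relocate(image: bytes, off: int, payload: bytes, spare: int) -> Tuple[bytes, List[Region]]:
    """Reproduce the relocation from the advisory on the toy image: overwrite the kernel at `off`,
    park the original bytes at `spare` (unused space) and split the kernel entry accordingly."""
    k_off, k_size = LAYOUT[1]
    n = len(payload)
    buf = bytearray(image)
    buf[spare:spare + n] = image[off:off + n]
    buf[off:off + n] = payload
    table = [LAYOUT[0],
             (k_off, off - k_off),                 # kernel before the modified bytes
             (spare, n),                           # original bytes, relocated
             (off + n, k_off + k_size - off - n)]  # kernel after the modified bytes
    return bytes(buf), table

def demo() -> Tuple[bool, bool]:
    """Returns (weak verifier accepts the tampered image, fixed-layout verifier accepts it)."""
    image = build_image()
    signed = digest_regions(image, LAYOUT)  # stands in for the RSA-4096 signature over the SHA-512
    tampered, table = relocate(image, 0x300, b"\xcc" * 0x10, 0x800)
    return verify_weak(tampered, table, signed), verify_fixed_layout(tampered, table, signed)
```

Pinning the layout is one fix; the same effect is achieved by signing a region table whose offsets and sizes are fixed at build time rather than read from the uploaded image.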
Note: it is also possible to downgrade the BMC firmware. For example, when running the latest firmware, a firmware image with version 01.02.06 is accepted and flashed.
Note: the X13SEM-F firmware with version 01.04.15 (SHA256: b9039a551ea31fc2590567e8d1aa3ed55dcf74a3f7694921af9e4eb2b5997064), which was released after this issue was reported to the Supermicro PSIRT, is also vulnerable.
This bug is subject to a 90-day disclosure deadline. After 90 days have elapsed or a patch has been made broadly available (whichever is earlier), the bug report will become visible to the public.
BINARLY team