Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-12007

Summary
Assigner-Supermicro
Assigner Org ID-def9a96e-e099-41a9-bfac-30fd4f82c411
Published At-16 Jan, 2026 | 08:39
Updated At-26 Feb, 2026 | 21:39
Rejected At-
Credits

Supermicro BMC firmware update validation bypass

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Supermicro
Assigner Org ID:def9a96e-e099-41a9-bfac-30fd4f82c411
Published At:16 Jan, 2026 | 08:39
Updated At:26 Feb, 2026 | 21:39
Rejected At:
▼CVE Numbering Authority (CNA)
Supermicro BMC firmware update validation bypass

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.

Affected Products
Vendor
SMCI
Product
X13SEM-F
Platforms
  • BMC
Default Status
unaffected
Versions
Affected
  • 01.05.02
Unaffected
  • fixed in 01.06.10
Problem Types
TypeCWE IDDescription
CWECWE-347CWE-347 Improper Verification of Cryptographic Signature
Type: CWE
CWE ID: CWE-347
Description: CWE-347 Improper Verification of Cryptographic Signature
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-473CAPEC-473 Signature Spoofing by Improper Validation
CAPEC ID: CAPEC-473
Description: CAPEC-473 Signature Spoofing by Improper Validation
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Binarly Inc.
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2026
N/A
Hyperlink: https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2026
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:def9a96e-e099-41a9-bfac-30fd4f82c411
Published At:16 Jan, 2026 | 09:15
Updated At:26 Feb, 2026 | 22:20

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.4HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 8.4
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-347Secondarydef9a96e-e099-41a9-bfac-30fd4f82c411
CWE ID: CWE-347
Type: Secondary
Source: def9a96e-e099-41a9-bfac-30fd4f82c411
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2026def9a96e-e099-41a9-bfac-30fd4f82c411
N/A
Hyperlink: https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2026
Source: def9a96e-e099-41a9-bfac-30fd4f82c411
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

5Records found
CVE-2024-10237
Matching Score-6
Assigner-Super Micro Computer, Inc.
ShareView Details
Matching Score-6
Assigner-Super Micro Computer, Inc.
CVSS Score-7.2||HIGH
EPSS-0.02% / 4.11%
||
7 Day CHG~0.00%
Published-04 Feb, 2025 | 07:59
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SMC BMC Firmware Image Authentication Design Issue

There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6 . An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process

Action-Not Available
Vendor-SMCI
Product-MBD-X12DPG-OA6
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-7937
Matching Score-6
Assigner-Super Micro Computer, Inc.
ShareView Details
Matching Score-6
Assigner-Super Micro Computer, Inc.
CVSS Score-7.2||HIGH
EPSS-0.08% / 22.93%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 02:09
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Supermicro BMC firmware update validation bypass

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially crafted image.

Action-Not Available
Vendor-SMCI
Product-MBD-X12STW
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-6198
Matching Score-6
Assigner-Super Micro Computer, Inc.
ShareView Details
Matching Score-6
Assigner-Super Micro Computer, Inc.
CVSS Score-7.2||HIGH
EPSS-0.08% / 22.93%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 01:45
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Supermicro BMC firmware update validation bypass

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.

Action-Not Available
Vendor-SMCI
Product-X13SEM-F
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-12006
Matching Score-6
Assigner-Super Micro Computer, Inc.
ShareView Details
Matching Score-6
Assigner-Super Micro Computer, Inc.
CVSS Score-7.2||HIGH
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 08:36
Updated-26 Feb, 2026 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Supermicro BMC firmware update validation bypass

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F . An attacker can update the system firmware with a specially crafted image.

Action-Not Available
Vendor-SMCI
Product-X12STW-F
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2025-23364
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 8.87%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:34
Updated-21 Aug, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application improperly validates code signing certificates. This could allow an attacker to bypass the check and exceute arbitrary code during installations.

Action-Not Available
Vendor-Siemens AG
Product-tia_administratorTIA Administrator
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
Details not found