Supermicro MBD-X12DPG-OA6
cpe:2.3:h:supermicro:x12dgo-6:*:*:*:*:*:*:*, +5 more
A stack overflow vulnerability has been identified in the BMC IPMI firmware of Supermicro motherboards, specifically in the MBD-X12DPG-OA6 model. This vulnerability arises from the firmware image verification process, which fails to properly validate the 'used_bytes' field. As a result, an attacker could upload a specially crafted firmware image that exploits this oversight, leading to a stack overflow condition.
Exploitation of this vulnerability causes a stack overflow, which can potentially be leveraged to execute arbitrary code or cause a denial-of-service condition by crashing the system.
Users are advised to update the BMC firmware to the latest version. An updated firmware has been released to address this vulnerability. For immediate guidance, refer to the Supermicro BMC Configuration Best Practices Guide.
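The class of check the description above refers to, shown as an added C example that is not Supermicro's code or taken from the advisory. The header layout, the `FWIM` magic, the 64-byte buffer and every function name are hypothetical, because the page does not give the real image format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout for illustration only: 4-byte magic, 4-byte
 * little-endian used_bytes, then payload. Not the real image format. */
#define HDR_LEN    8u
#define REGION_MAX 64u   /* assumed size of the verifier's stack buffer */

enum img_status { IMG_OK, IMG_TRUNCATED, IMG_BAD_MAGIC, IMG_LEN_TOO_BIG, IMG_LEN_PAST_END };

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

enum img_status verify_image(const uint8_t *img, size_t img_len, uint32_t *sum_out)
{
    uint8_t region[REGION_MAX];
    uint32_t used_bytes, sum = 0;

    if (img == NULL || sum_out == NULL || img_len < HDR_LEN)
        return IMG_TRUNCATED;
    if (memcmp(img, "FWIM", 4) != 0)
        return IMG_BAD_MAGIC;
    used_bytes = rd_le32(img + 4);
    /* Validate the image-supplied length against both the destination
     * buffer and the bytes actually received before any copy happens. */
    if (used_bytes > sizeof region)
        return IMG_LEN_TOO_BIG;
    if (used_bytes > img_len - HDR_LEN)   /* img_len >= HDR_LEN checked above */
        return IMG_LEN_PAST_END;
    memcpy(region, img + HDR_LEN, used_bytes);
    for (uint32_t i = 0; i < used_bytes; i++)   /* stand-in for verification work */
        sum += region[i];
    *sum_out = sum;
    return IMG_OK;
}

/* Builds a constructed sample image that claims `claimed` bytes but carries `actual`. */
enum img_status sample_status(uint32_t claimed, size_t actual)
{
    uint8_t img[HDR_LEN + 256] = { 'F', 'W', 'I', 'M' };
    uint32_t sum;
    if (actual > 256) actual = 256;
    for (int i = 0; i < 4; i++) img[4 + i] = (uint8_t)(claimed >> (8 * i));
    memset(img + HDR_LEN, 1, actual);
    return verify_image(img, HDR_LEN + actual, &sum);
}
```

Both comparisons are needed: the first keeps the copy inside the fixed buffer, the second keeps the read inside the uploaded image.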