Supermicro BMC Firmware Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A stack-based buffer overflow has been identified in the SMASH-CLP shell of Supermicro BMC firmware. An authenticated attacker with SSH access to the BMC can trigger the 260-byte stack buffer overflow by sending a crafted SMASH command. The overflow overwrites the return address and registers, leading to arbitrary code execution on the BMC firmware operating system.
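
The bug class described above, as an added C example that is not Supermicro's firmware code and not part of the original advisory: an unbounded copy of a command line into a 260-byte stack buffer, beside a length-checked version that rejects over-long input. The function names, the choice of input being copied, and the sample command `show /system1` are assumptions; the advisory does not say which part of the SMASH command overflows.

```c
#include <stdio.h>
#include <string.h>

#define CLP_BUF_LEN 260 /* size from the advisory; everything else is assumed */

/* Unsafe pattern, for contrast only (never called): strcpy() keeps writing
 * past buf when cmd is longer, clobbering the saved registers and return
 * address stored next to buf on the stack. */
void clp_handle_unsafe(const char *cmd)
{
    char buf[CLP_BUF_LEN];
    strcpy(buf, cmd);
}

/* Copy cmd into dst only if it fits with its NUL and is printable ASCII.
 * Returns 0 on success, -1 otherwise (dst is then not NUL-terminated and
 * must be discarded). Over-long input is rejected, not truncated, so a
 * shortened command never runs with a different meaning. */
int clp_copy_checked(char *dst, size_t dst_len, const char *cmd)
{
    size_t n;
    if (dst == NULL || dst_len == 0 || cmd == NULL)
        return -1;
    for (n = 0; cmd[n] != '\0'; n++) {
        unsigned char c = (unsigned char)cmd[n];
        if (n + 1 >= dst_len)          /* no room left for the NUL */
            return -1;
        if (c < 0x20 || c > 0x7e)      /* control or non-ASCII byte */
            return -1;
        dst[n] = (char)c;
    }
    dst[n] = '\0';
    return 0;
}

/* Hardened handler: returns the accepted length, or -1 if rejected. */
int clp_handle_checked(const char *cmd)
{
    char buf[CLP_BUF_LEN];
    if (clp_copy_checked(buf, sizeof buf, cmd) != 0)
        return -1;
    /* a real shell would pass buf to its command parser here */
    return (int)strlen(buf);
}

int main(void)
{
    printf("%d\n", clp_handle_checked("show /system1")); /* constructed input */
    return 0;
}
```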

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the BMC firmware operating system.

Remediation

Affected Supermicro motherboard SKUs will require a BMC update to mitigate this vulnerability. Updated BMC firmware has been created and is currently being tested and validated. Please check the Supermicro Release Notes for the resolution.

Added: Nov 18, 2025, 7:17 AM
Updated: Nov 18, 2025, 8:23 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 7.5
exploitability: 4.9
remediation: 8.3
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.