Supermicro BMC
cpe:2.3:a:supermicro:intelligent_platform_management_interface:*:*:*:*:*:*:*
A stack-based buffer overflow vulnerability has been identified in the Supermicro BMC Insyde SMASH shell program. An attacker can manipulate an environment variable to inject a shell string into the program, corrupting program execution. The issue affects select Supermicro motherboards and CMMs.
Successful exploitation overflows a stack buffer and can overwrite the return address on the stack, potentially leading to arbitrary code execution.
Affected Supermicro motherboard SKUs require a BMC update to mitigate this vulnerability. Updated BMC firmware is being tested and validated for affected products. Please check the Supermicro Release Notes for the resolution.