Primary

Context

Supermicro BMC Stack-Based Buffer Overflow Vulnerability on MBD-X13SEDW-F

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Supermicro BMC web function on the MBD-X13SEDW-F motherboard. This vulnerability allows an authenticated attacker to execute arbitrary code on the BMC's firmware operating system. The issue arises in the 'upload_license.cgi' web portal endpoint, where a crafted Content-Type HTTP header can overflow a 128-byte stack buffer, overwrite the return address and registers, and lead to unauthorized code execution.

Impact

Exploitation of this vulnerability allows for a stack-based buffer overflow, where an authenticated attacker can overwrite the return address and registers, potentially leading to arbitrary code execution on the BMC's firmware operating system.

Remediation

Supermicro has developed a BMC firmware update to address this vulnerability. Affected users should check the Supermicro Release Notes for the update.

Added: Nov 18, 2025, 8:18 AM

Updated: Nov 18, 2025, 3:49 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.8

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

2.8

remediation

0.0

relevance

1.1

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Supermicro BMC Stack-Based Buffer Overflow Vulnerability on MBD-X13SEDW-F

Vulnerability

Impact

Remediation

Affected Products

Supermicro BMC

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating