Supermicro BMC
cpe:2.3:a:supermicro:intelligent_platform_management_interface:*:*:*:*:*:*:*
A stack-based buffer overflow vulnerability has been identified in the Supermicro BMC Shared library. This vulnerability allows an authenticated attacker with access to the BMC to overflow a 128-byte stack buffer by sending a crafted Content-Type HTTP header. Exploitation of this vulnerability could lead to arbitrary code execution within the BMC's firmware operating system.
Exploitation of this vulnerability could result in unauthorized arbitrary code execution on the BMC's firmware operating system.
Affected Supermicro motherboard SKUs will require a BMC update to mitigate this vulnerability. An updated BMC firmware has been created and is currently being tested and validated. Please check the Supermicro Release Notes for the resolution.
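Until the firmware fix is applied, the bug class described above (an HTTP header value copied into a fixed 128-byte stack buffer) is worth seeing in its hardened form. The following C example is an added illustration, not Supermicro firmware code, which this page does not show; the function name, return codes and sample header lines are hypothetical. It rejects an oversized Content-Type value instead of copying it.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CT_BUF_LEN 128  /* buffer size stated in the advisory */

/* Hypothetical helper: copy the value of one raw header line
 * ("Content-Type: value", CRLF already stripped) into a fixed buffer.
 * Returns 0 on success, -1 if the line is not a Content-Type header,
 * -2 if the value does not fit (rejected, never truncated or overrun). */
int copy_content_type(const char *line, char *out, size_t out_len)
{
    static const char name[] = "content-type:";
    size_t name_len = sizeof(name) - 1;

    if (line == NULL || out == NULL || out_len == 0)
        return -1;
    /* Case-insensitive name match; stops at the NUL of a short line. */
    for (size_t i = 0; i < name_len; i++)
        if (tolower((unsigned char)line[i]) != name[i])
            return -1;

    const char *val = line + name_len;
    while (*val == ' ' || *val == '\t')      /* optional leading whitespace */
        val++;
    size_t val_len = strlen(val);
    while (val_len > 0 && (val[val_len - 1] == ' ' || val[val_len - 1] == '\t'))
        val_len--;                           /* optional trailing whitespace */

    if (val_len >= out_len)                  /* must leave room for the NUL */
        return -2;
    memcpy(out, val, val_len);
    out[val_len] = '\0';
    return 0;
}

int main(void)
{
    char ctype[CT_BUF_LEN];                  /* the 128-byte stack buffer */
    char big[400] = "Content-Type: ";        /* constructed oversized input */
    memset(big + 14, 'a', 300);
    big[14 + 300] = '\0';

    printf("normal:   %d\n", copy_content_type("Content-Type: application/json", ctype, sizeof ctype));
    printf("oversize: %d\n", copy_content_type(big, ctype, sizeof ctype));
    return 0;
}
```

A caller would map the -2 result to an HTTP error response and log it, since a Content-Type value of 128 bytes or more is unusual for a management interface.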