
During this research, Binarly discovered another vulnerability, CVE-2025-6198, related to the firmware of Supermicro's X13SEM-F motherboard, also rated high severity with a CVSS score of 7.2.
While exploitation of CVE-2025-7937 or CVE-2025-6198 would pose a major security risk, the caveat is that an attacker would need administrator access to the device to do so.
That may make exploitation sound like a long shot, but as countless real-world attacks have shown, administrator credentials and privileges can be obtained through a separate, indirect attack, or abused by a malicious administrator.
Incomplete fix
CVE-2025-7937 and CVE-2025-6198 highlighted separate flaws in Supermicro's firmware verification logic, the checking process that is meant to stop valid firmware from being replaced with malicious code.
Binarly said that the flaw disclosed in January, CVE-2024-10237, made it possible to fool the verification process by adding illegitimate entries to the firmware map table (FWMAP), so that the malicious firmware matched the signed cryptographic digest.
Supermicro adjusted the verification check to detect this, but through CVE-2025-7937, Binarly's researchers were able to bypass the revised verification check as well.
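The general weakness described above, a verifier that hashes only the regions an image's own table points at, is easiest to see next to a hardened design. The following added example is not Binarly's code and does not use Supermicro's FWMAP format; it uses a constructed toy layout (a list of offset/length regions, an HMAC in place of a real asymmetric signature, and a constructed test image) to show that a naive verifier accepts a relocated copy of the signed region while a verifier that signs the table and demands full coverage rejects it.

```python
"""Toy firmware verification: a naive check that trusts the image's own
region table, beside a hardened check that signs the table and demands
that the listed regions cover the whole image. Constructed example; the
layout is invented and is NOT Supermicro's FWMAP format."""
import hashlib
import hmac
import struct

# Constructed key standing in for the vendor signing key. HMAC keeps the
# example self-contained; a real BMC would verify an asymmetric signature
# against a public key anchored in hardware.
SIGNING_KEY = b"constructed-vendor-signing-key"

ENTRY = struct.Struct("<II")  # (offset, length) of one region to hash


def encode_table(table):
    """Serialise the region table so the signature can cover it."""
    return struct.pack("<I", len(table)) + b"".join(ENTRY.pack(o, n) for o, n in table)


def region_digest(image, table):
    """SHA-256 over the regions the table points at, in table order."""
    h = hashlib.sha256()
    for offset, length in table:
        h.update(image[offset:offset + length])
    return h.digest()


# --- naive scheme: only the region contents are signed ------------------

def sign_naive(image, table):
    return hmac.new(SIGNING_KEY, region_digest(image, table), "sha256").digest()


def verify_naive(image, table, sig):
    """Flawed: trusts whatever table ships with the image."""
    return hmac.compare_digest(sign_naive(image, table), sig)


# --- hardened scheme: table is signed and must cover the whole image ----

def sign_hardened(image, table):
    msg = encode_table(table) + region_digest(image, table)
    return hmac.new(SIGNING_KEY, msg, "sha256").digest()


def table_covers_image(image, table):
    """Reject gaps, overlaps, empty entries and out-of-bounds entries."""
    cursor = 0
    for offset, length in sorted(table):
        if offset != cursor or length == 0:
            return False
        cursor = offset + length
    return cursor == len(image)


def verify_hardened(image, table, sig):
    if not table_covers_image(image, table):
        return False
    return hmac.compare_digest(sign_hardened(image, table), sig)


# --- constructed demonstration ------------------------------------------

def build_genuine():
    """Constructed 64-byte 'firmware' with a single signed region."""
    code = b"GENUINE-BMC-CODE" * 4
    return code, [(0, len(code))]


def build_relocated_copy(image, table):
    """Constructed negative test vector: a pristine copy of the signed
    region is appended, the table is pointed at the copy, and the bytes
    at the original offset are changed. Used only to show which verifier
    notices the mismatch."""
    (offset, length), = table
    original = image[offset:offset + length]
    modified = bytearray(image)
    modified[offset:offset + length] = b"X" * length
    return bytes(modified) + original, [(len(image), length)]


def demo():
    image, table = build_genuine()
    sig_naive = sign_naive(image, table)
    sig_hard = sign_hardened(image, table)
    bad_image, bad_table = build_relocated_copy(image, table)
    return {
        "naive_accepts_genuine": verify_naive(image, table, sig_naive),
        "naive_accepts_tampered": verify_naive(bad_image, bad_table, sig_naive),
        "hardened_accepts_genuine": verify_hardened(image, table, sig_hard),
        "hardened_accepts_tampered": verify_hardened(bad_image, bad_table, sig_hard),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The two checks in the hardened path are deliberately independent: signing the table means an unsigned image cannot redirect the verifier to different bytes, and the coverage check means that even a vendor-signed table cannot leave executable bytes outside the hashed regions.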

