CVE-2024-10237

SMC BMC Firmware Image Authentication Design Issue

Basic Information

CVE State: PUBLISHED
Reserved Date: October 22, 2024
Published Date: February 04, 2025
Last Updated: February 04, 2025
Vendor: SMCI
Product: MBD-X12DPG-OA6
Description: There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6 . An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process

CVSS Scores

CVSS v3.1

7.2 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation: none
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2025-09-25 15:10:05 UTC) Source

References

https://www.supermicro.com/en/support/security_BMC_IPMI_Jan_2025

Known Exploited Vulnerability Information

Source	Added Date
The Shadowserver (via CIRCL)	2025-09-25 15:10:05 UTC

Timeline

CVE ID Reserved

October 22, 2024
CVE Published to Public

February 04, 2025
Added to KEVIntel

September 25, 2025