Supermicro
Products (119)
Recent CVEs (115)

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-36435 | | Critical | 0.65 | 9.8 | 0.01 | | Jul 11, 2024 | An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code… |
| CVE-2025-12007 | | High | 0.55 | 8.4 | 0.00 | | Jan 16, 2026 | There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image. |
| CVE-2024-36434 | | High | 0.49 | 7.5 | 0.00 | | Jul 15, 2024 | An SMM callout vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. |
| CVE-2024-36433 | | High | 0.49 | 7.5 | 0.00 | | Jul 15, 2024 | An arbitrary memory write vulnerability was discovered in Supermicro X11DPH-T, X11DPH-Tq, and X11DPH-i motherboards with BIOS firmware before 4.4. |
| CVE-2024-36432 | | High | 0.49 | 7.5 | 0.00 | | Jul 15, 2024 | An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4. |
| CVE-2026-3820 | | High | 0.47 | 7.2 | 0.00 | | Jun 4, 2026 | There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended… |
| CVE-2025-12006 | | High | 0.47 | 7.2 | 0.00 | | Jan 16, 2026 | There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW-F. An attacker can update the system firmware with a specially crafted image. |
| CVE-2025-8727 | | High | 0.47 | 7.2 | 0.00 | | Nov 18, 2025 | There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability. |
| CVE-2025-8076 | | High | 0.47 | 7.2 | 0.00 | | Nov 18, 2025 | There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC web server, an attacker can use a specially crafted payload to trigger the stack buffer overflow vulnerability. |
| CVE-2025-7937 | | High | 0.47 | 7.2 | 0.00 | | Sep 19, 2025 | There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW. An attacker can update the system firmware with a specially crafted image. |
| CVE-2025-6198 | | High | 0.47 | 7.2 | 0.00 | | Sep 19, 2025 | There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F. An attacker can update the system firmware with a specially crafted image. |
| CVE-2024-10239 | | High | 0.47 | 7.2 | 0.00 | | Feb 4, 2025 | A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld. |
| CVE-2024-10238 | | High | 0.47 | 7.2 | 0.00 | | Feb 4, 2025 | A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow because fld->used_bytes is not checked. |
| CVE-2024-10237 | | High | 0.47 | 7.2 | 0.00 | | Feb 4, 2025 | There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6. An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process. |
| CVE-2018-13787 | | Medium | 0.44 | 6.7 | 0.00 | | Jul 9, 2018 | Certain Supermicro X11S, X10, X9, X8SI, K1SP, C9X299, C7, B1, A2, and A1 products have a misconfigured Descriptor Region, allowing OS programs to modify firmware. |
| CVE-2025-8404 | | Medium | 0.36 | 5.5 | 0.00 | | Nov 18, 2025 | A stack buffer overflow vulnerability exists in the Supermicro BMC shared library. An authenticated attacker with access to the BMC can exploit the stack buffer via a crafted header and achieve arbitrary code execution on the BMC’s firmware operating system. |
| CVE-2025-7623 | | Medium | 0.35 | 5.4 | 0.00 | | Nov 18, 2025 | Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware… |
| CVE-2025-7704 | | Medium | 0.35 | 5.4 | 0.00 | | Nov 13, 2025 | Supermicro BMC Insyde SMASH shell program has a stack-based overflow vulnerability. |
| CVE-2013-3623 | | | 0.09 | — | 0.72 | | Dec 10, 2013 | Multiple stack-based buffer overflows in cgi/close_window.cgi in the web interface in the Intelligent Platform Management Interface (IPMI) with firmware before 3.15 (SMT_X9_315) on Supermicro X9 generation motherboards allow remote attackers to execute arbitrary code via the (1)… |
| CVE-2013-4782 | | | 0.05 | — | 0.26 | | Jul 8, 2013 | The Supermicro BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password. |