CVE-2025-12007

CVE-2025-12007: Supermicro BMC firmware update validation bypass

Vendor Smci
Product X13SEM-F
Weakness CWE-347
Published January 16, 2026
Last update February 26, 2026

CVSS base score

What the vulnerability does

01Description

There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X13SEM-F . An attacker can update the system firmware with a specially crafted image.

Key dates

02Disclosure timeline

January 16, 2026 CVE published
February 26, 2026 Record updated

Related vulnerabilities

04Related CVE