CVE-2025-7623 MEDIUM

CVE-2025-7623: Supermicro BMC SMASH services has a Stack-based buffer overflow vulnerability

Vendor: Smci
Product: MBD-X13SEDW-F
Weakness: CWE-121
Published: November 18, 2025
Last update: November 18, 2025

CVSS base score

5.4/10
Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01 Description

Stack-based buffer overflow in the SMASH-CLP shell. An authenticated attacker with SSH access to the BMC can exploit a stack buffer overflow via a crafted SMASH command, overwrite the return address and registers, and achieve arbitrary code execution on the BMC firmware operating system.

Key dates

02 Disclosure timeline

November 18, 2025: CVE published
November 18, 2025: Record updated