Stack-Based Overflow Vulnerability in Supermicro BMC Insyde SMASH Shell Program
CVE-2025-7704

5.4MEDIUM

Key Information:

Vendor: Smci
Status: Sys-111c-nr
Vendor: CVE Published:; 13 November 2025

What is CVE-2025-7704?

The vulnerability in the Supermicro BMC Insyde SMASH shell program allows for a stack-based overflow, potentially enabling attackers to execute arbitrary code and compromise the affected systems. It arises from inadequate input validation, which can be exploited by malicious actors, emphasizing the need for users to review their system configurations and apply necessary updates to safeguard against such security threats.

Affected Version(s)

SYS-111C-NR BMC 1.04.11

References

https://www.supermicro.com/en/support/security_BMC_IPMI_O...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 13, 2025
Vulnerability Reserved
Jul 16, 2025

Credit

Nils Heuer, Benedikt Heck, Benedict Schlüter and Shweta Shinde of ETH Zurich

JSON

Smci

What is CVE-2025-7704?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit