Firmware Vulnerabilities Continue to Plague Supply Chain

July 23, 2025

Firmware is the foundation of nearly all activity performed on computers, whether locally or over the cloud. If the firmware a computer runs has security flaws, then any security precautions taken at a higher level become meaningless. Unfortunately, firmware developers do not always have security in mind during the development process, and recent developments at motherboard manufacturer Gigabyte have brought these issues back to the forefront. A recent disclosure from Gigabyte informed the public of four firmware vulnerabilities that persist in its platform, even though the original issues had been patched years ago in firmware updates from the independent BIOS vendor AMI. These vulnerabilities affect the System Management Mode (SMM) modules on older Intel-based systems. According to the company, successful exploitation of these vulnerabilities can enable threat actors with local access to escalate their privilege level and achieve arbitrary code execution within the highly privileged SMM environment, potentially causing device compromise.

This is not the only recent case in which firmware has presented a serious issue. Binarly, a research firm that studies firmware security and first discovered the Gigabyte issues, also recently disclosed SMM issues in Dell devices, as well as a means for threat actors to circumvent UEFI Secure Boot. On top of this, Binarly is expected to publish new research soon on firmware security issues in Lenovo devices. UEFI bootkits are a common tool in the hands of threat actors; examples include Bootkitty for Linux systems in 2024 and the BlackLotus UEFI bootkit in 2023.

Why does firmware present such a tempting target? Part of the problem is the growth of the vulnerability scanning industry relative to firmware development. For motherboard manufacturers and independent BIOS vendors (IBVs), the margins are lean, meaning costs must be kept down and little time can be spent on security testing. This is particularly true of IBVs, which, according to Binarly, exist in a highly competitive market and prioritize low price and fast time-to-market above security. By comparison, vulnerability scanning has become easier than ever, and threat actors are willing to devote considerable resources to poking holes in firmware code, which they can either exploit themselves or sell to other threat actors for an immediate profit.

As computers become more advanced, firmware has to become more complex to support them, leading to an entirely separate layer of infrastructure that presents a very tempting target to threat actors. In the current era, UEFI-based firmware has become a complex real-time operating system with its own USB and network stacks, all of which are potential subversion targets. This trend is likely to continue. Not only will firmware developers have to become more security conscious, but it is also crucial that security personnel take stock of potential firmware vulnerabilities in their enterprise and factor them into any security solution they implement.
