Firmware Vulnerabilities Continue to Plague Supply Chain

July 23, 2025

Firmware is the foundation of nearly all activity performed on computers, whether locally or over the cloud. If the firmware computers use presents security flaws, then any security precautions taken at a higher level become meaningless. Unfortunately, firmware developers do not always have security in mind during the development process, and recent developments at motherboard manufacturer Gigabyte have brought these issues back to the forefront. A recent disclosure from Gigabyte informed the public of four firmware vulnerabilities that persist in its platform, even though the original issues had been patched years ago in firmware updates from the independent BIOS vendor AMI. These vulnerabilities affect the System Management Mode modules on older Intel-based systems. According to the company, successful exploitation of these vulnerabilities can enable threat actors with local access to escalate their privilege level and achieve arbitrary code execution within the highly privileged SMM environment, potentially causing device compromise.

This is not the only recent case in which firmware has presented a serious issue. Binarly, a research firm that studies firmware security and first discovered the Gigabyte issues, also recently disclosed SMM issues in Dell devices, as well as a means for threat actors to circumvent UEFI Secure Boot. On top of this, a new publication from Binarly is expected soon, indicating firmware security issues on Lenovo devices. UEFI bootkits are a common tool in the hands of threat actors, with examples including Bootkitty for Linux systems in 2024 and the BlackLotus UEFI bootkit in 2023.

Why does firmware present such a tempting target? Part of the problem is how much the vulnerability scanning industry has grown compared to firmware development. For motherboard manufacturers and independent BIOS vendors (IBVs), the margins are lean, meaning costs must be kept down and little time can be spent on security testing. This is particularly true of IBVs, which, according to Binarly, exist in a highly competitive market and prioritize low price and fast time-to-market above security. By comparison, vulnerability scanning has become easier than ever, and threat actors are willing to devote considerable resources to poking holes in firmware code, which they can either exploit themselves or sell to other threat actors for an immediate profit.

As computers become more advanced, firmware has to become more complex to support them, leading to an entirely separate layer of infrastructure that presents a very tempting target to threat actors. In the current era, UEFI-based firmware has become a complex real-time operating system with its own USB and network stacks, all of which are potential subversion targets. This trend is likely to continue. Not only will firmware developers have to become more security conscious, but security personnel must also take stock of potential firmware vulnerabilities in their enterprise and factor them into any security solution they implement.
