New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking

2025-03-18 13:31
A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the
News URL
https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html
Related news
- Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical flaws fixed in Nagios Log Server (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- Researchers Identify Rack::Static Vulnerability Enabling Data Breaches in Ruby Servers (source)
- Oh, cool. Microsoft melts bug that froze Server 2025 Remote Desktop sessions (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Critical Langflow RCE flaw exploited to hack AI app servers (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-11 | CVE-2024-54085 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. | 0.0 |