What is AMI MegaRAC BMC software?

AMI's MegaRAC SPx Baseboard Management Controller software provides remote system management capabilities for troubleshooting servers without being physically present. BMCs are embedded systems that allow administrators to remotely monitor, control, and manage server hardware even when the main operating system is offline.

How many servers are potentially exposed to this vulnerability?

Eclypsium found more than 1,000 servers online that were potentially exposed to attacks. The researchers also noted that creating an exploit for this vulnerability is 'not challenging,' making it accessible to a wide range of attackers.

Is this vulnerability being actively exploited?

Yes, CISA is reporting that attackers are actively exploiting this vulnerability. However, there are currently no details on how the vulnerability is being weaponized in the wild, who may be exploiting it, or the scale of the attacks.

Why is this vulnerability particularly dangerous?

This vulnerability is particularly dangerous because it affects Baseboard Management Controllers, which provide hardware-level access to servers. BMC access allows attackers to control servers at the most fundamental level, potentially causing irreversible hardware damage, deploying persistent malware, and maintaining access even if the main operating system is rebuilt.

What should organizations do to protect themselves?

Organizations using AMI MegaRAC-based server infrastructure should immediately prioritize applying available firmware updates, implement network segmentation to limit BMC access, restrict BMC network connectivity to trusted management networks only, monitor for unauthorized BMC access attempts, and verify that their server vendors have provided updated firmware addressing this vulnerability.

Does this vulnerability require authentication to exploit?

No, CVE-2024-54085 allows remote unauthenticated attackers to exploit the vulnerability. This means attackers do not need valid credentials or prior access to compromise affected systems, making it extremely dangerous for internet-facing BMC interfaces.

Why do BMC vulnerabilities pose such serious risks?

BMC vulnerabilities pose serious risks because Baseboard Management Controllers operate independently of the main server operating system and provide hardware-level control. They can power systems on/off, access console output, mount virtual media, and modify firmware. Compromise of BMC provides attackers with god-mode access that persists even through OS reinstallation and can enable attacks on physical hardware components.

What makes this CVE-2024-54085 vulnerability a critical emergency?

This vulnerability represents a critical emergency because it has the maximum possible CVSS score of 10.0, is being actively exploited according to CISA, allows remote unauthenticated access to server hardware, affects major enterprise server vendors used in cloud services and data centers, can cause irreversible physical hardware damage, and has over 1,000 potentially exposed servers online. The combination of maximum severity, active exploitation, and hardware-level access makes this one of the most dangerous vulnerabilities affecting enterprise infrastructure.

Advisory

CISA warns that AMI MegaRAC Vulnerability that enables server takeover is actively exploited

Q: What is CVE-2024-54085?

CVE-2024-54085 (CVSS score 10.0) is a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller software that enables complete remote server takeover and potential physical hardware destruction. CISA is reporting that attackers are actively exploiting this flaw.

Q: What can attackers do if they exploit CVE-2024-54085?

The vulnerability allows remote unauthenticated attackers to hijack servers, deploy ransomware, and potentially cause irreversible hardware damage through malicious firmware manipulation. Attackers gain complete control over affected systems at the hardware level.

Q: Are patches available for CVE-2024-54085?

Yes, AMI released patches on March 11, 2025. However, server manufacturers have been slow to integrate and distribute fixes, leaving many organizations vulnerable to this maximum-severity flaw that grants attackers complete control over affected systems.

published: June 26, 2025

Take action: Check your servers NOW. If any of them use AMI's MegaRAC Baseboard Management Controller, make sure that the BMC is isolated in a separate network segment and only accessible only from internal trusted systems. Reach out to your server vendor for a patch, and plan a patch period. Don't ignore this one, since hackers are already exploiting this flaw.

Learn More

CISA is reporting that attackers are actively exploiting a maximum severity vulnerability in AMI's MegaRAC Baseboard Management Controller software that enables complete remote server takeover and potential physical hardware destruction.

The flaw is tracked as CVE-2024-54085 (CVSS score 10.0), and allows remote unauthenticated attackers to hijack servers, deploy ransomware, and potentially cause irreversible hardware damage through malicious firmware manipulation.

The vulnerability affects AMI's MegaRAC SPx Baseboard Management Controller software that provides remote system management capabilities for troubleshooting servers without being physically present.

The MegaRAC BMC firmware is used by several vendors including HPE, Asus, and ASRock that supply equipment to cloud service providers and data centers. The exploit has been verified against multiple high-profile enterprise server models including HPE Cray XD670, Asus RS720A-E11-RS24U, and ASRockRack systems. Eclypsium found more than 1,000 servers online that were potentially exposed to attacks and said that creating an exploit is "not challenging,".

There are currently no details on how the vulnerability is being weaponized in the wild, who may be exploiting it, and the scale of the attacks.

Organizations using AMI MegaRAC-based server infrastructure should immediately prioritize applying available firmware updates and implementing network segmentation to limit BMC access. While AMI released patches on March 11, server manufacturers have been slow to integrate and distribute fixes, leaving many organizations vulnerable to a maximum-severity flaw that grants attackers complete control over affected systems.

CISA warns that AMI MegaRAC Vulnerability that enables server takeover is actively exploited

Read More
JumpServer carries critical vulnerabilities in it's Ansible, patch …
Fortra FileCatalyst Workflow vulnerable to critical SQL Injection
JetBrains fixes two critical issues in TeamCity, patch …
Fortinet warns of active exploitation of 2FA Bypass …
Critical vulnerability reported in FreeBSD bhyve hypervisor