
Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover


Jasper_The_Rasper
Moderator

A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks.

 

March 18, 2025 By Eduard Kovacs

 

A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks, according to firmware and hardware security company Eclypsium.

Eclypsium has been analyzing AMI BMC security for years. In the summer of 2023, the company disclosed two serious flaws, warning that they could expose millions of devices that use AMI’s MegaRAC BMC to takeover and physical damage. 

The company’s researchers on Tuesday reported discovering a new flaw, tracked as CVE-2024-54085. The new vulnerability is similar to CVE-2023-34329, one of the 2023 vulnerabilities, which allows authentication bypass, but it’s unclear if CVE-2024-54085 is the result of an incomplete patch or an entirely new security hole — that is still being investigated.

 

