Asus patches vulnerability in AMI’s MegaRAC enabling attackers to brick servers

📟 News

Date: 25/04/2025

Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management Controller (BMC) software used by many server equipment manufacturers, including Asus, HPE, and ASRock.

The bug identified by Eclypsium specialists makes it possible to bypass authentication remotely through the Redfish Host Interface. Its successful exploitation can result in a loss of confidentiality, integrity, and/or availability.

“A local or remote attacker can exploit the vulnerability by accessing the remote management interfaces (Redfish) or the internal host to the BMC interface (Redfish). Exploitation of this vulnerability allows an attacker to remotely control the compromised server, remotely deploy malware, ransomware, firmware tampering, bricking motherboard components (BMC or potentially BIOS/UEFI), potential server physical damage (over-voltage/bricking), and indefinite reboot loops that a victim cannot stop,” – Eclypsium.

Even though AMI engineers produced patches fixing this security hole by March 11, 2025, it took some time for OEM manufacturers to implement these patches in their products.

This week, Asus released patches fixing the CVE-2024-54085 vulnerability in four affected motherboard models.

Users are advised to install updates and upgrade the BMC firmware to the following versions:

Related posts:
2025.04.08 — Website of Everest ransomware group hacked and defaced

Last weekend, the darknet website of the Everest ransomware group was hacked and went offline. The attackers replaced its content with a sarcastic message: "Don't do crime…

Full article →
2025.04.07 — Critical RCE vulnerability discovered in Apache Parquet

All versions of Apache Parquet up to and including 1.15.0 are affected by a critical remote code execution (RCE) vulnerability whose CVSS score is 10 out…

Full article →
2025.04.29 — FBI Offers 10 million USD for information on Salt Typhoon members

The FBI offers up to 10 million USD for information about members of the Chinese hacker group Salt Typhoon and last year's attack that had…

Full article →
2025.04.25 — Asus patches vulnerability in AMI's MegaRAC enabling attackers to brick servers

Asus released patches for the CVE-2024-54085 vulnerability that allows attackers to seize and disable servers. The security hole affects the American Megatrends International (AMI) MegaRAC Baseboard Management…

Full article →
2025.02.14 — 12,000 Kerio Control firewalls remain vulnerable to RCE

Security experts report that more than 12,000 GFI Kerio Control firewall instances remain vulnerable to the critical RCE vulnerability CVE-2024-52875, which was fixed…

Full article →
2025.02.12 — 2.8 million IP addresses used to brute-force network devices

The Shadowserver Foundation warns of a massive web login brute-forcing attacks targeting nearly 2.8 million IP addresses per day. Unknown attackers are seeking…

Full article →
2025.02.10 — Failed attempt to block phishing link results in massive Cloudflare outage

According to the incident report released by Cloudflare, an attempt to block a phishing URL on the R2 platform accidentally caused a massive outage; as a result, many Cloudflare…

Full article →
2025.01.22 — Fake Homebrew Infects macOS and Linux Machines with infostealer

Attackers use Google ads to disguise themselves as the Homebrew website and distribute malware targeting Mac and Linux systems and stealing logon credentials, browser data, and cryptocurrency wallets.…

Full article →
2025.04.15 — Hackers exploit authentication bypass bug in OttoKit WordPress plugin

Hackers exploit an authentication bypass vulnerability in the OttoKit (formerly SureTriggers) WordPress plugin used by more than 100,000 websites. First attacks were recorded just…

Full article →
2025.01.24 — Hundreds of websites impersonating Reddit and WeTransfer spread Lumma Stealer

Sekoia researcher crep1x discovered that hackers are currently using some 1,000 pages impersonating Reddit and WeTransfer. Victims visiting these sites are tricked into…

Full article →