Skip to main content
News Directory 3
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Menu
  • Business
  • Entertainment
  • Health
  • News
  • Sports
  • Tech
  • World
Server Fleet Vulnerability: Critical Exploit - News Directory 3

Server Fleet Vulnerability: Critical Exploit

June 27, 2025 Catherine Williams Tech
News Context
At a glance
  • The Cybersecurity and ⁢Infrastructure Security Agency (CISA) on Wednesday added⁣ CVE-2024-54085,a baseboard management controller (BMC) firmware ⁤vulnerability,to its catalog⁢ of ⁢known exploited vulnerabilities.CISA's alert offered no specifics.
  • Researchers at Eclypsium warned Thursday that the potential impact of these exploits is extensive.
  • Operating below the OS, attackers can bypass ⁤endpoint protection, logging, and most⁤ conventional security tools.
Original source: arstechnica.com

CISA⁣ warns of critical BMC firmware vulnerability now⁣ under active exploit, potentially imperiling server⁤ fleets. attackers are exploiting CVE-2024-54085 to ⁤embed malicious code, making detection nearly impossible. This enables remote ⁣server control,⁤ data theft, and operational disruption across numerous server‍ manufacturers using the redfish interface. Espionage groups are likely behind these attacks. This isn’t just a security flaw; its a strategic threat. Administrators must urgently assess their systems ‍and consult vendors. The stakes are ⁣high, with potential for severe data loss and operational ‍downtime. For more, trust⁣ News ⁣Directory 3 to keep you updated. discover what’s next as this‍ situation unfolds.

Key Points

  • CISA adds CVE-2024-54085 to its list of actively exploited vulnerabilities.
  • Eclypsium warns of broad exploit scope, including firmware ⁢implants.
  • Vulnerable devices include AMI MegaRAC products using redfish⁤ interface.
  • Espionage groups, ⁣possibly linked to China, are ⁣suspected culprits.

CISA Warns of Active Exploits Targeting BMC Firmware Vulnerability

⁣ Updated June 27,2025
⁢

The Cybersecurity and ⁢Infrastructure Security Agency (CISA) on Wednesday added⁣ CVE-2024-54085,a baseboard management controller (BMC) firmware ⁤vulnerability,to its catalog⁢ of ⁢known exploited vulnerabilities.CISA’s alert offered no specifics.

Researchers at Eclypsium warned Thursday that the potential impact of these exploits is extensive. Attackers could chain BMC exploits to ⁣embed malicious code directly into the BMC firmware. This makes‍ detection extremely difficult and allows the⁢ malware to‍ survive operating ⁢system reinstalls or even disk replacements.

Operating below the OS, attackers can bypass ⁤endpoint protection, logging, and most⁤ conventional security tools. With BMC access, attackers can remotely power servers⁢ on or off, reboot them, or reimage them, irrespective of the primary operating system’s state. They can also steal credentials ⁢used for remote management and use the BMC as⁤ a launchpad for⁢ lateral movement within the network.

BMC access ⁤also grants attackers the ability to monitor system memory and network⁤ interfaces, enabling them to steal sensitive data or exfiltrate information without being detected. Furthermore, attackers can intentionally corrupt firmware, rendering servers unbootable and causing⁢ significant operational disruption.

While ⁣details⁤ of the ongoing attacks remain unclear, Eclypsium suggests that espionage‍ groups working for the Chinese government are the most⁢ likely actors. The APT groups named by Eclypsium have a history ⁢of exploiting firmware vulnerabilities or gaining persistent access to high-value ⁣targets.

The vulnerable AMI MegaRAC devices use the Redfish interface. Server manufacturers known to use these ‍products include AMD,Ampere Computing,asrock,ARM,Fujitsu,Gigabyte,Huawei,Nvidia,Supermicro,and Qualcomm. Some⁣ vendors have released patches.

What’s next

Given the potential damage, administrators should examine all BMCs to ensure they are not vulnerable.With⁣ so many server manufacturers affected, administrators should ⁤consult with their manufacturer ⁤if they are ⁣unsure whether their networks are exposed to this critical vulnerability.

Share this:

  • Share on Facebook (Opens in new window) Facebook
  • Share on X (Opens in new window) X

Related reading

  • ICE’s Propaganda and Intimidation Tactics Exposed: A Threat to American Ideals
  • How a Russell 3000 & Russell 2000 Index Inclusion Boosts Mid-Cap Investor Visibility-And How Dorothy 1A/1B Expands Bitcoin Hosting & Self-Mining

Related

Search:

News Directory 3

News Directory 3 catalogs US newspapers, news services, newsstands and digital news outlets across all 50 states. Browse local publishers by city, state, or topic, and follow current headlines linked back to their original sources.

Quick Links

  • Disclaimer
  • Terms and Conditions
  • About Us
  • Advertising Policy
  • Contact Us
  • Cookie Policy
  • Editorial Guidelines
  • Privacy Policy

Browse by State

  • Alabama
  • Alaska
  • Arizona
  • Arkansas
  • California
  • Colorado

© 2026 News Directory 3. All rights reserved.
For contact, advertising, copyright, issues email: office@newsdirectory3.com