CVE-2024-54085
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2024-54085. We'll provide specific mitigation strategies based on your environment and risk profile.
Description
AMI’s SPx contains
a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation
of this vulnerability may lead to a loss of confidentiality, integrity, and/or
availability.
Available Exploits
Related News
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2024-54085 AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability CVE-2024-0769 D-Link DIR-…
Affected Products
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild
Remediation Status
Due Date
Added to KEV
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Affected Product
Ransomware Risk
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
CVSS Scoring
CVSS Score
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References
Advisory provided by GitHub Security Advisory Database. Published: March 11, 2025, Modified: June 27, 2025
Social Media Intelligence
Real-time discussions and threat intelligence from social platforms
Deep Dive into CVE-2024-54085 Affecting AMI MegaRAC Baseboard Management Controller Firmware # BMC Vulnerability CVE-2024-54085 Joins CISA's KEV Catalog - Technical Deep Dive **TL;DR:** CISA added the first-ever Baseboard Management Controller (BMC) vulnerability to their Known Exploited Vulnerabilities catalog. CVE-2024-54085 in AMI MegaRAC allows remote authentication bypass via HTTP header …
Como Proteger Servidores da Vulnerabilidade CVE-2024-54085 *Descubra como proteger seus servidores da vulnerabilidade CVE-2024-54085 no firmware AMI MegaRAC. Dicas práticas para empresas brasileiras. Clique agora!*
🔥 Top 10 Trending CVEs (28/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-3699](https://nvd.nist.gov/vuln/detail/CVE-2025-3699)** - 📝 Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 …
🔥 Top 10 Trending CVEs (27/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-20282](https://nvd.nist.gov/vuln/detail/CVE-2025-20282)** - 📝 A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then …
CISA Flags Major Flaws in AMI MegaRAC, D-Link, and Fortinet Devices **CISA has added three critical security vulnerabilities to its KEV catalog, affecting popular devices from AMI, D-Link, and Fortinet with active exploitation reported.** **Key Points:** - CVE-2024-54085 could allow attackers to take full control of AMI MegaRAC devices. - …
🔥 Top 10 Trending CVEs (26/06/2025) Here’s a quick breakdown of the 10 most interesting vulnerabilities trending today: **1. [CVE-2025-6543](https://nvd.nist.gov/vuln/detail/CVE-2025-6543)** - 📝 Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway whenconfigured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP …
CISA has flagged three new actively exploited vulnerabilities * AMI MegaRAC (CVE-2024-54085): Remote takeover * D-Link DIR-859 (CVE-2024-0769): Unpatched, end-of-life * FortiOS (CVE-2019-6693): Used by Akira ransomware Federal deadline to patch is July 16, 2025.