ASUS has launched safety updates to deal with CVE-2024-54085, a most severity flaw that would permit attackers to hijack and probably brick servers.
The flaw impacts American Megatrends Worldwide’s MegaRAC Baseboard Administration Controller (BMC) software program, utilized by over a dozen server {hardware} distributors, together with HPE, ASUS, and ASRock.
The CVE-2024-54085 flaw is remotely exploitable, probably resulting in malware infections, firmware modifications, and irreversible bodily harm by way of over-volting.
“An area or distant attacker can exploit the vulnerability by accessing the distant administration interfaces (Redfish) or the inner host to the BMC interface (Redfish),” defined Eclypsium in a associated report.
“Exploitation of this vulnerability permits an attacker to remotely management the compromised server, remotely deploy malware, ransomware, firmware tampering, bricking motherboard parts (BMC or probably BIOS/UEFI), potential server bodily harm (over-voltage / bricking), and indefinite reboot loops {that a} sufferer can not cease.”
Although AMI launched a bulletin together with patches on March 11, 2025, time was wanted for impacted OEMs to implement the fixes on their merchandise.
At the moment, ASUS introduced they’ve launched fixes for CVE-2024-54085 for 4 motherboard fashions impacted by the bug.
The updates and beneficial BMC firmware model customers ought to improve to are:
Given the severity of the vulnerability and the power to carry out distant exploitation, it’s essential to carry out the firmware replace as quickly as attainable.
After downloading the newest BMC firmware replace (.ima file), you’ll be able to apply it by way of the online interface > Upkeep > Firmware Replace, choose the file, and click on ‘Begin Firmware Replace.’ It’s also beneficial that you simply verify the ‘Full Flash’ possibility.
For detailed directions on easy methods to carry out MBC firmware updates safely and troubleshooting, verify ASUS FAQ right here.
