CVE-2024-54085
Published: 11 March 2025
Summary
CVE-2024-54085 is a critical-severity Authentication Bypass by Spoofing (CWE-290) vulnerability in AMI MegaRAC SPx. Its CVSS base score is 10.0 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 2.4% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SC-7 (Boundary Protection) and SI-2 (Flaw Remediation).
Deeper analysis
AMI’s SPx contains a vulnerability in the BMC that permits remote authentication bypass through the Redfish Host Interface. The flaw is tracked as CVE-2024-54085, carries a CVSS 4.0 score of 10.0, and is associated with CWE-290.
An unauthenticated attacker with network access can exploit the issue to obtain unauthorized control, resulting in loss of confidentiality, integrity, and availability on the affected management controller.
Public advisories, including AMI-SA-2025003 and vendor notices from NetApp, direct administrators to apply the referenced patches, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog.
Multiple security outlets have reported active exploitation of the flaw against production servers, consistent with the observed EPSS values that reached a peak of 0.4672.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-54252
Vulnerability details
AMI’s SPx contains a vulnerability in the BMC where an attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
- CWE(s)
- KEV Date Added: 25 June 2025
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CVE-2024-54085 enables remote authentication bypass on BMC Redfish interface, facilitating public-facing app exploitation (T1190), remote service exploitation (T1210), local account creation (T1136.001), OS credential dumping via memory access (T1003), network sniffing (T1040), system shutdown/reboot (T1529), firmware corruption (T1495), and component firmware persistence (T1542.002).
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Timely flaw remediation through application of AMI patches directly eliminates the authentication bypass vulnerability in the SPx BMC Redfish Host Interface.
Boundary protection denies unauthorized remote network access to the vulnerable Redfish Host Interface, blocking exploitation by unauthenticated attackers.
Vulnerability scanning identifies systems with the unpatched CVE-2024-54085 BMC flaw for prioritized remediation.