ASUS has launched safety updates to handle CVE-2024-54085, a most severity flaw that would permit attackers to hijack and probably brick servers.
The flaw impacts American Megatrends Worldwide’s MegaRAC Baseboard Administration Controller (BMC) software program, utilized by over a dozen server {hardware} distributors, together with HPE, ASUS, and ASRock.
The CVE-2024-54085 flaw is remotely exploitable, probably resulting in malware infections, firmware modifications, and irreversible bodily injury by way of over-volting.
“An area or distant attacker can exploit the vulnerability by accessing the distant administration interfaces (Redfish) or the inner host to the BMC interface (Redfish),” defined Eclypsium in a associated report.
“Exploitation of this vulnerability permits an attacker to remotely management the compromised server, remotely deploy malware, ransomware, firmware tampering, bricking motherboard elements (BMC or probably BIOS/UEFI), potential server bodily injury (over-voltage / bricking), and indefinite reboot loops {that a} sufferer can not cease.”
Although AMI launched a bulletin together with patches on March 11, 2025, time was wanted for impacted OEMs to implement the fixes on their merchandise.
In the present day, ASUS introduced they’ve launched fixes for CVE-2024-54085 for 4 motherboard fashions impacted by the bug.
The updates and beneficial BMC firmware model customers ought to improve to are:
Given the severity of the vulnerability and the power to carry out distant exploitation, it’s essential to carry out the firmware replace as quickly as doable.
After downloading the most recent BMC firmware replace (.ima file), you possibly can apply it by way of the net interface > Upkeep > Firmware Replace, choose the file, and click on ‘Begin Firmware Replace.’ It’s also beneficial that you simply verify the ‘Full Flash’ possibility.
For detailed directions on carry out MBC firmware updates safely and troubleshooting, verify ASUS FAQ right here.
