In June 2025, for the first time, CISA added a Baseboard Management Controller (BMC) vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
While BMC vulnerabilities have been reported for years, the inclusion of CVE-2024-54085 marks the first time that CISA has publicly acknowledged that these critical, foundational components are being exploited in the wild. The vulnerability, disclosed by Eclypsium in March 2025, is a previously unknown, remotely exploitable authentication bypass in AMI's MegaRAC SPx firmware: an attacker with network access to the BMC can obtain full administrative control without any credentials.
This inclusion confirms an ongoing shift in attacker behavior. APTs are increasingly targeting network edge devices and infrastructure components such as BMCs, which gives them broader access, eases lateral movement, and lets them live off the land for long-running espionage.
The 2025 Verizon Data Breach Investigations Report showed a roughly eightfold increase in exploitation of vulnerabilities in network edge devices and VPNs as an initial access vector, and over half of the vulnerabilities on CISA's 2024 list of Routinely Exploited Vulnerabilities affected network infrastructure.
Why BMC Exploitation Is A Big Deal
What makes BMCs particularly dangerous is their privileged position in the system hierarchy. BMC firmware is highly privileged, executes outside the scope of operating system (OS) controls, and has access to all resources of the server-class platform on which it resides. A compromised BMC therefore gives attackers persistent, stealthy access that host-based security tools cannot detect or prevent: it survives OS reinstalls and disk wipes, and it keeps running on standby power while the host is powered off.
BMCs operate in the digital equivalent of mission control. They sit below operating systems, hypervisors, and security controls, with privileged access to server hardware. When attackers compromise a BMC, the host's security stack becomes irrelevant. Endpoint protection? Useless. Antivirus? Not even running at the right level to see the threat. Network monitoring? Blind, unless the out-of-band management network itself is instrumented, which it rarely is.
This is why CVE-2024-54085’s KEV inclusion matters. CISA is formally acknowledging that BMC vulnerabilities are being exploited in the wild. This may be the first BMC vulnerability in the KEV, but it is unlikely to be the last.
A Brief History of BMC Vulnerabilities
Eclypsium didn’t stumble onto BMC security by accident. We have been systematically exposing these threats for years.
- 2019: CloudBorne – Eclypsium demonstrated how attackers could implant malicious BMC firmware in bare-metal cloud servers that would persist across tenant changes, affecting future customers
- 2022: BMC&C Part 1 – Multiple AMI MegaRAC vulnerabilities, including arbitrary code execution via the Redfish API (CVE-2022-40259) and default credentials giving root shell access (CVE-2022-40242)
- 2023: BMC&C Part 2 – Authentication bypass via HTTP header spoofing (CVE-2023-34329) and code injection through the Dynamic Redfish Extension interface (CVE-2023-34330)
- 2025: BMC&C Part 3 – CVE-2024-54085, the remotely exploitable authentication bypass that finally made it onto CISA's KEV catalog
As detailed in Eclypsium's latest disclosure, this represents more than a series of isolated discoveries. It is a systematic examination of one of the industry's most widely deployed BMC firmware stacks, revealing fundamental security weaknesses that affect a very large installed base of servers worldwide.
The Technical Reality
CVE-2024-54085 exploits a deceptively simple weakness. The Redfish Host Interface is meant to be reachable only from the host system the BMC manages, and the BMC decides whether a request arrived over that interface by inspecting HTTP headers. By crafting the value of the "X-Server-Addr" or "Host" header, an attacker on the management network can make a request look as if it came from the host itself, and the BMC waives authentication for it.
The attack completely circumvents authentication. Full administrative access. No credentials required.
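The header-trust pattern described above, as an added illustration in hypothetical Python (not AMI's code and not a MegaRAC exploit): a request router that decides whether a request arrived over the trusted host interface by reading a client-supplied X-Server-Addr header, beside a version that takes the origin from the socket the connection actually arrived on, and a front-end normalization step that overwrites the header so even a legacy backend cannot be lied to. The addresses, token set and field names are constructed for the example.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Dict, Optional

# Constructed addresses for the example: the BMC's end of the internal
# host-side NIC (the Redfish Host Interface) and its out-of-band management NIC.
HOST_INTERFACE_ADDR = "169.254.0.17"
MANAGEMENT_ADDR = "10.0.5.20"

# Constructed session table; a real BMC keeps these in its session service.
VALID_TOKENS = {"tok-valid-123"}


@dataclass
class Request:
    peer_addr: str                 # remote end of the TCP connection
    local_addr: str                # BMC interface that accepted it, taken from the socket
    headers: Dict[str, str] = field(default_factory=dict)
    session_token: Optional[str] = None


def vulnerable_is_authorized(req: Request) -> bool:
    """Anti-pattern: the 'which interface did this arrive on' decision is
    taken from a header, and a header is whatever the client chooses to send."""
    headers = {k.lower(): v for k, v in req.headers.items()}
    claimed_server_addr = headers.get("x-server-addr", req.local_addr)
    if claimed_server_addr == HOST_INTERFACE_ADDR:
        return True            # host-interface requests skip credentials entirely
    return req.session_token in VALID_TOKENS


def hardened_is_authorized(req: Request) -> bool:
    """Origin is derived from socket metadata only; headers never influence it."""
    if req.local_addr == HOST_INTERFACE_ADDR:
        return True            # still credential-less on the host interface; see note
    return req.session_token in VALID_TOKENS


def front_end_normalize(req: Request) -> Request:
    """What the BMC's web server should do before handing a request to the
    Redfish backend: replace any origin-describing header with the socket's
    own view, so a backend that still reads the header gets the truth."""
    cleaned = {k: v for k, v in req.headers.items() if k.lower() != "x-server-addr"}
    cleaned["X-Server-Addr"] = req.local_addr
    return Request(req.peer_addr, req.local_addr, cleaned, req.session_token)


def spoofed_request() -> Request:
    """Constructed attacker traffic: arrives on the management NIC from an
    outside address, carries no credentials, and claims to come from the host."""
    return Request(peer_addr="203.0.113.9", local_addr=MANAGEMENT_ADDR,
                   headers={"X-Server-Addr": HOST_INTERFACE_ADDR})


if __name__ == "__main__":
    spoof = spoofed_request()
    print("vulnerable backend, spoofed header:", vulnerable_is_authorized(spoof))
    print("hardened backend, spoofed header:  ", hardened_is_authorized(spoof))
    print("vulnerable backend behind normalizer:",
          vulnerable_is_authorized(front_end_normalize(spoof)))
```

Even the hardened version still honours the Redfish Host Interface's credential-less mode for traffic that genuinely arrives on the internal interface; the conservative configuration is to require authentication on every interface, so that a compromised host OS does not automatically own its BMC either.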
What can attackers do with this access? The list is sobering:
- Remote server control – Complete management of compromised systems
- Malware and ransomware deployment – Install persistent threats below the OS level
- Firmware tampering – Modify BIOS, UEFI, or BMC code itself
- Physical damage – Over-voltage commands that can permanently brick hardware
- Indefinite reboot loops – Create unrecoverable downtime that operators cannot stop
- Lateral movement – Use BMC network access to attack other systems on management networks
In data center environments, the cascading potential is nightmare fuel. Attackers who compromise one BMC can potentially spread across entire management segments, forcing thousands of servers into continuous reboot cycles that victim operators cannot interrupt without physical intervention.
The AI Data Center Risk Factor
Timing matters in cybersecurity. This KEV addition arrives at a time when a new class of data centers built for AI workloads is being built out worldwide to feed ravenous demand for GPU and TPU capacity. AI data centers are rapidly becoming critical infrastructure, which makes them an even more attractive target for nation-state APTs.
The AI boom has transformed BMCs from simple server management tools into critical infrastructure components. Modern AI data centers depend on BMCs for managing high-performance computing clusters, monitoring GPU temperatures and power consumption, and orchestrating workloads across thousands of servers. When AI training runs cost millions of dollars and require weeks to complete, a BMC compromise could be an existential threat to the enterprise.
NVIDIA's recent research, "Breaking BMC: The Forgotten Key to the Kingdom," illuminates how BMCs have evolved in AI environments. These aren't the simple "lights-out" management tools of the past; they're sophisticated systems with elevated privileges and extensive network access, making them particularly attractive targets.
The convergence creates a perfect storm. Nation-state actors and cybercriminals are likely already aware that compromising components, such as BMC infrastructure, offers direct paths to disrupt critical AI workloads, steal valuable training data, or launch attacks against AI-powered services. As organizations invest billions in AI infrastructure, the BMCs managing that infrastructure represent high-value targets with historically poor security practices.
To learn more about the potential impact of BMC vulnerabilities on AI Data Centers, check out our recent webinar: AI Data Centers: The Cyber Target Of the Century.
The Urgent Call to Action
CISA’s KEV addition isn’t symbolic—it’s a mandate. Federal agencies must patch CVE-2024-54085 by their assigned deadline, per Binding Operational Directive (BOD) 22-01, but every organization running critical infrastructure should treat this with equal urgency.
The immediate steps are clear:
- Inventory BMC deployments across your entire infrastructure
- Identify vulnerable AMI MegaRAC firmware versions in your environment
- Prioritize patching based on criticality and exposure
- Review BMC security practices, including credential management and network segmentation
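A triage helper for the inventory and identification steps above, added here as an example rather than Eclypsium or AMI tooling. It walks each BMC's Redfish Managers collection, reads each Manager resource's FirmwareVersion, and compares it against a minimum fixed version. The sample Redfish responses are constructed, the version threshold is a placeholder assumption (take the real one from your OEM's advisory for CVE-2024-54085), and the HTTP client is injected so the block runs offline.

```python
from __future__ import annotations
import re
from typing import Callable, Dict, List, Optional

# Constructed sample Redfish responses keyed by management hostname, then by
# resource path. Property names follow the Redfish Manager schema; hostnames,
# manager IDs and version strings are invented for the example.
SAMPLE_BMCS: Dict[str, Dict[str, dict]] = {
    "bmc-a.mgmt.example": {
        "/redfish/v1/Managers": {"Members": [{"@odata.id": "/redfish/v1/Managers/Self"}]},
        "/redfish/v1/Managers/Self": {"Id": "Self", "ManagerType": "BMC",
                                      "Model": "MegaRAC SPx", "FirmwareVersion": "12.85.01"},
    },
    "bmc-b.mgmt.example": {
        "/redfish/v1/Managers": {"Members": [{"@odata.id": "/redfish/v1/Managers/1"}]},
        "/redfish/v1/Managers/1": {"Id": "1", "ManagerType": "BMC",
                                   "Model": "MegaRAC SPx", "FirmwareVersion": "12.99.02"},
    },
    "bmc-c.mgmt.example": {
        "/redfish/v1/Managers": {"Members": [{"@odata.id": "/redfish/v1/Managers/bmc"}]},
        "/redfish/v1/Managers/bmc": {"Id": "bmc", "ManagerType": "BMC",
                                     "Model": "OpenBMC", "FirmwareVersion": "2.14.0-dev"},
    },
}

# Placeholder assumption, NOT a real threshold: the lowest firmware version per
# product family that carries the CVE-2024-54085 fix, as published by your OEM.
# Fill this from the vendor advisory before relying on the output.
MIN_FIXED_BY_MODEL: Dict[str, str] = {"MegaRAC SPx": "12.99.00"}

# Verdict severity, worst first, used when one BMC exposes several managers.
SEVERITY = ["VULNERABLE", "UNKNOWN", "PATCHED"]


def parse_version(v: str) -> tuple:
    """'12.85.01' -> (12, 85, 1); non-numeric tails such as '-dev' are ignored."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def classify(manager: dict, min_fixed: Dict[str, str] = MIN_FIXED_BY_MODEL) -> str:
    """Compare a Manager resource's firmware against the family's fixed version."""
    model = manager.get("Model") or ""
    fw = manager.get("FirmwareVersion") or ""
    threshold = next((t for fam, t in min_fixed.items() if fam.lower() in model.lower()), None)
    if threshold is None or not fw:
        return "UNKNOWN"       # not a tracked product family, or no version reported
    return "PATCHED" if parse_version(fw) >= parse_version(threshold) else "VULNERABLE"


def sample_get(host: str, path: str) -> Optional[dict]:
    """Offline stand-in for an authenticated Redfish GET; returns parsed JSON or None."""
    return SAMPLE_BMCS.get(host, {}).get(path)


def triage(hosts: List[str], get: Callable[[str, str], Optional[dict]]) -> Dict[str, str]:
    """One verdict per BMC: the worst verdict across its Manager resources."""
    results: Dict[str, str] = {}
    for host in hosts:
        collection = get(host, "/redfish/v1/Managers")
        if collection is None:
            results[host] = "UNREACHABLE"
            continue
        verdicts = []
        for member in collection.get("Members", []):
            manager = get(host, member.get("@odata.id", ""))
            verdicts.append(classify(manager) if manager else "UNKNOWN")
        results[host] = min(verdicts, key=SEVERITY.index) if verdicts else "UNKNOWN"
    return results


if __name__ == "__main__":
    hosts = list(SAMPLE_BMCS) + ["bmc-d.mgmt.example"]   # last one is deliberately absent
    for host, verdict in triage(hosts, sample_get).items():
        print(f"{host:24} {verdict}")
```

For a live run, pass a getter that issues an authenticated request to the real management address, for example one built on requests.get with an X-Auth-Token header, a pinned CA bundle rather than disabled certificate verification, and a timeout, and parses the JSON body. Run it only from a host on the management network, and treat an UNREACHABLE result as an inventory gap to chase rather than a pass.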
However, this issue extends beyond a single vulnerability. Too many organizations treat BMCs as afterthoughts—forgotten components left with default credentials, outdated firmware, and inadequate network isolation. Eclypsium can help discover and remediate vulnerable BMCs in your environment. Eclypsium also recently collaborated with AMI on a paper about OpenBMC Security In Practice.
The necessary actions will depend heavily on the network environment and security posture of each organization. But it is clear that the historic nature of this KEV addition should trigger a fundamental reassessment of BMC security practices across the industry.