AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
The vulnerability classified as CWE-290 (Authentication Bypass by Spoofing) allows an attacker to bypass the authentication process in the Redfish interface — a standard API interface for managing server infrastructure. The attack is possible remotely, without possessing any credentials, without user interaction, and without special environmental configuration requirements. After successfully bypassing authentication, the attacker gains access to BMC functions that operate below the operating system level and are difficult to detect and remove.
Successful exploitation of the vulnerability can lead to complete loss of confidentiality, integrity, and availability of the system, including permanent damage (bricking) of the server through BMC firmware manipulation. An attacker can gain full control over hardware management, install malicious code at the firmware level, or completely disable the server.
Patches available from the manufacturer must be applied immediately in accordance with references — official AMI bulletin: https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf and NetApp advisory: https://security.netapp.com/advisory/ntap-20250328-0003/. Additionally, it is recommended to isolate BMC management interfaces from production networks and the public internet through dedicated OOBM (Out-of-Band Management) networks and restrict access to the Redfish interface exclusively to authorized hosts.
AMI MegaRAC SP-X (BMC firmware), NetApp H300S Firmware, NetApp H300S, NetApp H500S Firmware — specific versions indicated in manufacturer references (AMI-SA-2025003 and NetApp advisory ntap-20250328-0003)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XAmi Megarac Sp X
OSAmi12 – 12.7 (bez)13 – 13.5 (bez)Netapp H300s
HWNetappwszystkie wersjeNetapp H300s Firmware
OSNetappwszystkie wersjeNetapp H410c
HWNetappwszystkie wersjeNetapp H410c Firmware
OSNetappwszystkie wersjeNetapp H410s
HWNetappwszystkie wersjeNetapp H410s Firmware
OSNetappwszystkie wersjeNetapp H500s
HWNetappwszystkie wersjeNetapp H500s Firmware
OSNetappwszystkie wersjeNetapp H700s
HWNetappwszystkie wersjeNetapp H700s Firmware
OSNetappwszystkie wersjeNetapp Sg110
HWNetappwszystkie wersjeNetapp Sg1100
HWNetappwszystkie wersjeNetapp Sg1100 Firmware
OSNetappwszystkie wersjeNetapp Sg110 Firmware
OSNetappwszystkie wersjeNetapp Sg6160
HWNetappwszystkie wersjeNetapp Sg6160 Firmware
OSNetappwszystkie wersjeNetapp Sgf6112
HWNetappwszystkie wersjeNetapp Sgf6112 Firmware
OSNetappwszystkie wersje
CISA KEV — detailsi
- Vendori
- AMI
- Producti
- MegaRAC SPx
- Added to KEVi
- June 25, 2025
- Remediation deadline (US Federal)i
- July 16, 2025(overdue)
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability.
Related vulnerabilities
XXE w bibliotece libxml2 — obejście niestandardowych handlerów SAX
Stack-based buffer overflow w AMI MegaRAC SPx BMC przez sieć lokalną
AMI MegaRAC SPx — stack-based buffer overflow w BMC przez sieć lokalną
An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context...
AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing ...