Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

AMI MegaRAC SPx Authentication Bypass Vulnerability in Redfish Host Interface

Vulnerability

A vulnerability has been identified in AMI MegaRAC SPx versions 12.0 prior to 12.7 and 13.0 prior to 13.5, allowing remote authentication bypass through the Redfish Host Interface. This vulnerability affects the Baseboard Management Controller (BMC) in certain NetApp StorageGRID models. Successful exploitation could lead to unauthorized access and manipulation of sensitive information, potentially causing a denial-of-service condition.

Impact

Exploitation of this vulnerability could result in unauthorized access to the BMC, allowing an attacker to bypass authentication and potentially manipulate sensitive information or disrupt services, causing a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 25, 2025, 4:45 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 7.5
exploitability: 8.7
remediation: 7.7
relevance: 0.0
threat: 8.9
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.