Hey followers! Today, let’s talk about a serious flaw affecting many servers used in data centers worldwide. This vulnerability could give hackers full control over affected servers, and it’s no joke!

Hackers are exploiting a high-severity vulnerability in the AMI MegaRAC firmware, which is present in servers from major brands like AMD, Fujitsu, Gigabyte, Supermicro, and Qualcomm. This flaw allows remote attackers to take over servers that manage critical tasks, even when they’re powered off.

The flaw, rated 10 out of 10 in severity, resides in microcontrollers called Baseboard Management Controllers (BMCs). These BMCs let administrators manage servers remotely—installing OS updates, changing configurations, or even reimaging drives—without being physically present or even turning on the servers.

What makes this vulnerability so dangerous is that attackers can bypass authentication with a simple web request over HTTP, enabling them to create admin accounts without credentials. Discovered by Eclypsium and disclosed in March, it was initially not known to be actively exploited, but now it’s confirmed that hackers are using it in the wild.

Once inside a BMC, attackers could implant malicious firmware, hide from Detection tools, and even control server power states—powering on, rebooting, or reimaging servers regardless of the operating system’s status. They can also steal stored credentials, spy on network traffic, and corrupt firmware to render servers unbootable, causing major service disruptions.

Though the full scope of ongoing attacks isn’t clear, it’s suspected that espionage groups—possibly connected to China—are behind some of the exploits. Many impacted devices use the Redfish interface, and firmware from numerous vendors is affected, including AMD, Huawei, Nvidia, and others.

Admins are advised to inspect their BMCs and consult their manufacturers for updates. Patching these vulnerabilities quickly is crucial to prevent potential disaster.