
ASUS has released security updates to address a critical vulnerability, CVE-2024-54085, rated the maximum 10.0 on the CVSS scale, that could lead to complete server failure. The issue affects the MegaRAC BMC software developed by American Megatrends International, a component responsible for remote server management and used by over ten hardware vendors, including HPE, ASRock, and ASUS itself.
The severity of the flaw stems from how it can be reached: remotely via the Redfish management interface, or locally from the host machine where the BMC resides. An attacker can leverage the vulnerability to gain full control of the server, deploy malware, alter firmware settings, disrupt motherboard functionality, or even inflict physical damage, for instance by applying excessive voltage.
Particularly alarming is the possibility of initiating an infinite reboot loop, which cannot be halted through conventional means. In such a scenario, the affected server is rendered inoperable and requires physical intervention to recover or replace it.
While American Megatrends issued a patch as early as March 11, 2025, hardware manufacturers required additional time to tailor the fix to their specific implementations. ASUS has now finalized its updates and announced new BMC firmware versions for four vulnerable motherboard models:
- PRO WS W790E-SAGE SE — version 1.1.57
- PRO WS W680M-ACE SE — version 1.1.21
- PRO WS WRX90E-SAGE SE — version 2.1.28
- Pro WS WRX80E-SAGE SE WIFI — version 1.34.0
The updated firmware is now available for download. Given the remote nature of the vulnerability, ASUS strongly urges users to install the latest versions without delay. The update file (.ima) can be applied via the BMC web interface under the Maintenance → Firmware Update section. It is also recommended to enable the Full Flash option to completely overwrite the firmware and eliminate any remnants of compromise.
For users unfamiliar with the update procedure or encountering installation issues, ASUS has prepared a comprehensive guide that includes best practices for secure execution and troubleshooting advice.
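
To find boards still below the fixed versions listed above, an inventory check along these lines can help. This is an added example, not ASUS or AMI code. It assumes the BMC reports its version in the same dotted form used in the list, and the record fields `host`, `model` and `bmc_version` are hypothetical names for whatever your asset inventory exports.

```python
import re

# Fixed BMC firmware versions, copied from the list above.
FIXED = {
    "PRO WS W790E-SAGE SE": "1.1.57",
    "PRO WS W680M-ACE SE": "1.1.21",
    "PRO WS WRX90E-SAGE SE": "2.1.28",
    "PRO WS WRX80E-SAGE SE WIFI": "1.34.0",
}

def parse_version(text):
    """'1.1.57' or 'v1.1.57' -> (1, 1, 57); None if not dotted-numeric."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+)+)\s*", text or "")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify(model, reported):
    """Return 'patched', 'vulnerable', 'unparsed' or 'not-listed'."""
    fixed = FIXED.get(" ".join(model.upper().split()))
    if fixed is None:
        # Not one of the four boards above. MegaRAC ships on other vendors'
        # hardware too, so this means "check that vendor's advisory".
        return "not-listed"
    have, want = parse_version(reported), parse_version(fixed)
    if have is None:
        return "unparsed"  # never guess: flag for manual review
    width = max(len(have), len(want))
    have += (0,) * (width - len(have))
    want += (0,) * (width - len(want))
    # Compare numerically: as strings, "1.4.0" would sort above "1.34.0".
    return "patched" if have >= want else "vulnerable"

def audit(inventory):
    """Group hostnames by status."""
    report = {}
    for row in inventory:
        report.setdefault(classify(row["model"], row["bmc_version"]), []).append(row["host"])
    return report

# Constructed sample inventory (hostnames and reported versions are made up).
SAMPLE = [
    {"host": "ws-01", "model": "Pro WS W790E-SAGE SE", "bmc_version": "1.1.57"},
    {"host": "ws-02", "model": "Pro WS WRX80E-SAGE SE WIFI", "bmc_version": "1.4.0"},
    {"host": "ws-03", "model": "Pro WS W680M-ACE SE", "bmc_version": "1.1.9"},
    {"host": "ws-04", "model": "Pro WS WRX90E-SAGE SE", "bmc_version": "n/a"},
    {"host": "srv-05", "model": "Example Other Board", "bmc_version": "3.0.1"},
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status:11} {', '.join(hosts)}")
```

A "patched" result only confirms the version number; it says nothing about whether the BMC was tampered with before the update, which is what the Full Flash option is meant to address.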