The spoofing attack works by manipulating HTTP request headers sent to the Redfish interface. Attackers can add specific values to headers like “X-Server-Addr” to make their external requests appear as if they’re coming from inside the server itself. Since the system automatically trusts internal requests as authenticated, this spoofing technique grants attackers administrator privileges without needing valid credentials.
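One way to hunt for this pattern in access logs, shown as an added example that is not from the article or from AMI. It assumes a hypothetical reverse proxy in front of the BMC that writes JSON access logs including request headers, and a constructed management network of 10.20.0.0/24; all log lines are constructed samples.

```python
import ipaddress
import json

# Header named in the article; extend with others you treat as internal-only.
SUSPECT_HEADERS = {"x-server-addr"}
# Assumption: the only network permitted to reach the BMC (constructed value).
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")

# Constructed sample: JSON access-log lines from a hypothetical reverse proxy
# in front of a BMC that records request header names and values.
SAMPLE_LOG = """\
{"src":"10.20.0.15","method":"GET","path":"/redfish/v1/Systems","headers":{"Host":"bmc01","X-Auth-Token":"***"},"status":200}
{"src":"198.51.100.7","method":"GET","path":"/redfish/v1/Managers","headers":{"Host":"bmc01","X-Server-Addr":"<redacted>"},"status":200}
{"src":"10.20.0.15","method":"GET","path":"/redfish/v1/Chassis","headers":{"Host":"bmc01","x-server-addr":"<redacted>","X-Auth-Token":"***"},"status":200}
{"src":"198.51.100.7","method":"GET","path":"/redfish/v1/Systems","headers":{"Host":"bmc01"},"status":401}
{"src":"198.51.100.7","method":"GET","path":"/index.html","headers":{"Host":"bmc01"},"status":200}
truncated or non-JSON line
"""


def triage(log_text):
    """Return (line_no, source_ip, severity, reasons) for suspicious Redfish requests."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        try:
            rec = json.loads(line)
            src = ipaddress.ip_address(rec["src"])
            path = rec["path"].lower()
            names = {k.lower() for k in rec.get("headers", {})}
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # malformed record: skip rather than crash the triage run
        if not path.startswith("/redfish"):
            continue
        spoofed = sorted(SUSPECT_HEADERS & names)  # header names are case-insensitive
        external = src not in MGMT_NET
        reasons = []
        if spoofed:
            reasons.append("client sent " + ", ".join(spoofed))
        if external:
            reasons.append("source outside management network")
        if reasons:
            severity = "high" if spoofed and external else "medium" if spoofed else "low"
            findings.append((line_no, str(src), severity, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A client has no legitimate reason to supply this header itself, so the same list of header names can also drive a strip rule on the proxy.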
Slow vendor response creates risk window
The vulnerability exemplifies complex enterprise security challenges posed by firmware supply chains. AMI sits at the top of the server supply chain, but each vendor must integrate patches into their own products before customers can deploy them.
Lenovo took until April 17 to release its patch, while Asus patches for four motherboard models only appeared in recent weeks. Hewlett Packard Enterprise was among the faster responders, releasing updates in March for its Cray XD670 systems used in AI and high-performance computing workloads.
The patching delays are particularly concerning given the vulnerability’s scope. Manufacturers known to use AMI’s MegaRAC SPx BMC include AMD, Ampere Computing, ASRock, ARM, Fujitsu, Gigabyte, Huawei, Nvidia, Supermicro, and Qualcomm, representing a significant portion of enterprise server infrastructure. NetApp also confirmed in its security advisory NTAP-20250328-0003 that multiple NetApp products incorporating MegaRAC BMC firmware are affected, expanding the impact to storage infrastructure.
Dell had earlier confirmed its systems are unaffected since it uses its own iDRAC management technology instead of AMI’s MegaRAC.
Enterprise operations at risk
This widespread vendor impact translates into serious operational risks for enterprises. BMCs operate at a privileged level below the main operating system, making attacks particularly dangerous.