AMI — Vulnerabilities & Security Advisories (60)

Browse all 60 CVE security advisories affecting AMI. AI-powered Chinese analysis, POCs, and references for each vulnerability.

AMI, formerly American Megatrends, primarily develops BIOS firmware and embedded software for enterprise servers, workstations, and IoT devices. Its extensive codebase has historically exposed numerous security flaws, resulting in approximately 60 recorded Common Vulnerabilities and Exposures. These defects predominantly involve remote code execution, cross-site scripting, and privilege escalation vulnerabilities, often stemming from insufficient input validation or improper access controls within the firmware interfaces. Notable incidents include critical flaws allowing attackers to bypass authentication mechanisms or execute arbitrary commands with elevated privileges, potentially compromising system integrity. The company has addressed many of these issues through firmware updates, yet the complexity of legacy systems continues to pose risks. Security researchers frequently highlight the importance of regular patching and secure configuration practices to mitigate these persistent threats associated with AMI’s widely deployed infrastructure components.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-58770 | TCG2 TPM RT Not Locked Issue — AptioV | CWE-280 | 7.8 (AI) | High (AI) | 2025-12-12 |
| CVE-2025-33044 | exFat Memory Corruption Issue — AptioV | CWE-119 | 7.1 (AI) | High (AI) | 2025-10-14 |
| CVE-2025-22833 | FixupArray Pointer Validation in NTFS — AptioV | CWE-787 | 7.8 (AI) | High (AI) | 2025-10-14 |
| CVE-2025-22832 | Buffer Overflow in NTFS when parsing the ATTRIBUTE_LIST — AptioV | CWE-787 | 7.1 (AI) | High (AI) | 2025-10-14 |
| CVE-2025-22831 | Buffer Overflow in NTFS when parsing the VOLUME_NAME — AptioV | CWE-787 | 7.1 (AI) | High (AI) | 2025-10-14 |
| CVE-2025-33045 | Legacy Serial Redirection SMRAM Vulnerabilities — AptioV | CWE-123 | 8.2 | High | 2025-09-09 |
| CVE-2025-22830 | SmiFlash Race Condition Vulnerability — AptioV | CWE-362 | 7.0 (AI) | High (AI) | 2025-08-12 |
| CVE-2025-22834 | ThirdPartyVideo SetVariable Vulnerability — AptioV | CWE-665 | 4.2 | Medium | 2025-08-12 |
| CVE-2025-33043 | SMM buffer Integrity — AptioV | CWE-20 | 5.8 | Medium | 2025-05-29 |
| CVE-2024-42446 | TOCTOU in SmmWhea — AptioV | CWE-367 | 7.5 | High | 2025-05-13 |
| CVE-2024-54084 | SMM Arbitrary Write via TOCTOU Vulnerability — AptioV | CWE-367 | 7.5 | High | 2025-03-11 |
| CVE-2024-54085 | Redfish Authentication Bypass — MegaRAC-SPx | CWE-290 | 9.4 | - | 2025-03-11 |
| CVE-2024-33659 | BiosGuard Buffer Overflow and TOCTOU Vulnerability — AptioV | CWE-20 | 7.8 | - | 2025-02-11 |
| CVE-2024-42444 | TOCTOU Race Condition between DMA and SMM — AptioV | CWE-367 | 7.5 | High | 2025-01-14 |
| CVE-2024-2315 | SMM arbitrary code execution in Overclock — AptioV | CWE-284 | 5.5 (AI) | Medium (AI) | 2024-11-12 |
| CVE-2024-33658 | Buffer Overflow Vulnerability In OFBD — AptioV | CWE-119 | 6.7 (AI) | Medium (AI) | 2024-11-12 |
| CVE-2024-33660 | Potential Firmware update without integrity check — AptioV | CWE-494 | 6.1 (AI) | Medium (AI) | 2024-11-12 |
| CVE-2024-42442 | Runtime Service Access outside SMRAM — AptioV | CWE-119 | 7.2 | High | 2024-11-12 |
| CVE-2024-33657 | Smm Callout in SmmComputrace Module — AptioV | CWE-20 | 7.8 | High | 2024-08-21 |
| CVE-2024-33656 | Memory Leak in SmmComuptrace Module — AptioV | CWE-269 | 7.8 | High | 2024-08-21 |
| CVE-2023-37297 | heap memory overflow — MegaRAC_SPx | CWE-122 | 8.3 | High | 2024-01-09 |
| CVE-2023-37296 | Stack-based Buffer Overflow — MegaRAC_SPx | CWE-121 | 8.3 | High | 2024-01-09 |
| CVE-2023-37295 | Heap-based Buffer Overflow — MegaRAC_SPx | CWE-122 | 8.3 | High | 2024-01-09 |
| CVE-2023-37294 | Heap-based Buffer Overflow — MegaRAC_SPx | CWE-122 | 8.3 | High | 2024-01-09 |
| CVE-2023-37293 | stack-based buffer overflow — MegaRAC_SPx | CWE-121 | 9.6 | Critical | 2024-01-09 |
| CVE-2023-34333 | Untrusted Pointer Dereference — MegaRAC_SPx | CWE-822 | 7.8 | High | 2024-01-09 |
| CVE-2023-3043 | Stack-based Buffer Overflow BMC — MegaRAC_SPx | CWE-121 | 9.6 | Critical | 2024-01-09 |
| CVE-2023-34332 | Untrusted Pointer Dereference in BMC — MegaRAC_SPx | CWE-822 | 7.8 | High | 2024-01-09 |
| CVE-2023-39538 | Failure when uploading a Logo image file — AptioV | CWE-20 | 7.5 | High | 2023-12-06 |
| CVE-2023-39539 | Failure when uploading a Logo image file — AptioV | CWE-20 | 7.5 | High | 2023-12-06 |

This page lists every published CVE security advisory associated with AMI. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.