Ami
Products (8)
- 33 CVEs
- 31 CVEs
- 15 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs (65)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-33044 | | Hig | 0.51 | 7.8 | 0.00 | | Oct 14, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local means. Successful exploitation of this vulnerability may lead to memory corruption and impact Integrity and Availability. |
| CVE-2025-22832 | | Hig | 0.51 | 7.8 | 0.00 | | Oct 14, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability. |
| CVE-2025-22831 | | Hig | 0.51 | 7.8 | 0.00 | | Oct 14, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Out-of-bounds Write by local. Successful exploitation of this vulnerability may lead to data corruption and loss of availability. |
| CVE-2022-29974 | | Med | 0.28 | 4.3 | 0.00 | | Dec 9, 2024 | AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices. |
| CVE-2024-54085 | | | 0.15 | — | 0.61 | KEV | Mar 11, 2025 | AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
| CVE-2022-2827 | | | 0.02 | — | 0.02 | | Dec 5, 2022 | AMI MegaRAC User Enumeration Vulnerability |
| CVE-2025-58770 | | | 0.00 | — | 0.00 | | Dec 12, 2025 | APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and… |
| CVE-2025-22833 | | | 0.00 | — | 0.00 | | Oct 14, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause a Buffer Copy without Checking Size of Input by local accessing. Successful exploitation of this vulnerability may lead to arbitrary code execution. |
| CVE-2025-33045 | | | 0.00 | — | 0.00 | | Sep 9, 2025 | APTIOV contains vulnerabilities in the BIOS where a privileged user may cause “Write-what-where Condition” and “Exposure of Sensitive Information to an Unauthorized Actor” through local access. The successful exploitation of these vulnerabilities can lead to information… |
| CVE-2025-22830 | | | 0.00 | — | 0.00 | | Aug 12, 2025 | APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability. |
| CVE-2025-22834 | | | 0.00 | — | 0.00 | | Aug 12, 2025 | AMI APTIOV contains a vulnerability in BIOS where a user may cause “Improper Initialization” by local accessing. Successful exploitation of this vulnerability may leave the resource in an unexpected state and potentially impact confidentiality, integrity, and availability. |
| CVE-2025-33043 | | | 0.00 | — | 0.00 | | May 29, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity. |
| CVE-2024-42446 | | | 0.00 | — | 0.00 | | May 13, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. |
| CVE-2024-54084 | | | 0.00 | — | 0.00 | | Mar 11, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. |
| CVE-2024-33659 | | | 0.00 | — | 0.00 | | Feb 11, 2025 | AMI APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation by a local attacker. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and execute arbitrary code at SMM level, also impacting… |
| CVE-2024-42444 | | | 0.00 | — | 0.00 | | Jan 14, 2025 | APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device. |
| CVE-2024-2315 | | | 0.00 | — | 0.00 | | Nov 12, 2024 | APTIOV contains a vulnerability in BIOS where may cause Improper Access Control by a local attacker. Successful exploitation of this vulnerability may lead to unexpected SPI flash modifications and BIOS boot kit launches, also impacting the availability. |
| CVE-2024-33658 | | | 0.00 | — | 0.00 | | Nov 12, 2024 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability may lead to privilege escalation and potentially arbitrary code execution, and… |
| CVE-2024-33660 | | | 0.00 | — | 0.00 | | Nov 12, 2024 | An exploit is possible where an actor with physical access can manipulate SPI flash without being detected. |
| CVE-2024-42442 | | | 0.00 | — | 0.01 | | Nov 12, 2024 | APTIOV contains a vulnerability in the BIOS where a user or attacker may cause an improper restriction of operations within the bounds of a memory buffer over the network. A successful exploitation of this vulnerability may lead to code execution outside of the intended System… |