If martians could come from another customer's network to mine, I have no reason to believe it couldn't go the other way.
The colo manager I contacted about it thought it was anything but normal. The 10 net should have been null routed, of course.
You may be surprised to learn that the little bitty microcontroller most BMCs are based on has significantly less computational power than a 32 core Epyc CPU does...
Our networks aren't the ones that get pwned. It's our customers. You, in this instance, would be one of our customers.
And that is why I would VLAN my uplink off from my management network. I don't trust your router's config...
You seem to misunderstand security. It's not belt OR suspenders, it's belt AND suspenders. AKA security in depth. I wouldn't depend on just VLAN tagging for security. I wouldn't depend on just routing and firewalling for security.
Finally, do you now or have you ever used SolarWinds?