Yes you would normally need a service contract for most software downloads.

The version you should ideally be asking for (as per Leo's instructions) is 8.5.182.11 (link below) which is the latest available with all security fixes and the 2504 filename is AIR-CT2500-K9-8-5-182-11.aes but note "Cisco 2500 Series Wireless Controllers Release 8.5 Software.In order to use 8.4 or higher code, you must upgrade the 2504 Wireless Lan Controllers to FUS version 1.9 or higher, this must be done before installing the new AireOS version"

You should also check the compatibility matrix (link below) to make sure all your APs are supported on 8.5 code.  If not, then you may need to consider an older version of code but because those all went end of support years ago they will all still have security vulnerabilities.

If you're upgrading to 8.5 then you should ideally upgrade to 8.0.152.0 first so you might need to request that too:
https://software.cisco.com/download/home/283848165/type/280926587/release/8.0.152.0

And read the release notes to make sure you know about any changes you need to be aware of.

That is a big jump, even if you were able to download the software.  I can tell you that your ap's probably do not support the latest version.  Here is my take.  You are being requested to upgrade due to vulnerabilities, knowing that the controller and the ap's are end of support and security patching, doesn't make sense.  You need to look at replacing what you have so that you are covered from these new security vulnerabilities. Also think, what happens when the controller dies or access points start to die, what will you do?  

Take a look at this!

https://www.cisco.com/c/en/us/support/docs/field-notices/740/fn74035.html