🔴 CVE-2025-32975

Quest KACE Systems Management Appliance contains an authentication bypass vulnerability allowing attackers to impersonate legitimate users and gain complete administrative control without valid credentials. This is a critical CVSS 10.0 vulnerability with active exploitation confirmed by CISA KEV listing.

← Back to Overview
HIGH_RISK
Risk Level
10.0
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
VERY_HIGH
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-06-24

Added to CISA KEV: 2026-04-20 300 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2025-32975 is a critical authentication bypass vulnerability affecting the Quest KACE Systems Management Appliance (SMA) [4] [2]. With a CVSS score of 10.0, it represents a severe security risk that allows for the complete compromise of affected systems [1] [3].

Key Details of CVE-2025-32975
FeatureDescription
Vulnerability TypeAuthentication Bypass (SSO handling mechanism) [5]
CVSS Score10.0 (Critical) [1]
ExploitationActive in the wild (observed since March 2026) [1]
RequirementsNetwork-reachable; no credentials or user interaction required [3]
ImpactComplete administrative takeover [5]
Exploitation and Threat Actor Usage
  • Active Exploitation: While the vulnerability was disclosed in June 2025, security researchers and firms (such as Arctic Wolf) observed active exploitation of unpatched systems beginning in March 2026 [1] [5].
  • Attack Method: The flaw exists within the Single Sign-On (SSO) authentication handling mechanism [2]. Attackers can exploit this remotely over the network to impersonate any user, including administrators, without needing valid credentials [3].
  • Impact: Successful exploitation grants the attacker full administrative control over the KACE SMA appliance, which can be used to deliver malicious payloads or further compromise the environment [1] [5].
Affected Versions and Mitigation
Quest released patches for this vulnerability in May 2025 [1]. Affected versions include:
  • 13.0.x: Versions before 13.0.385 [4]
  • 13.1.x: Versions before 13.1.81 [4]
  • 14.0.x: Versions before 14.0.341 (Patch 5)?id=CVE-2025-32975?kagi_q=CVE-2025-32975
  • 14.1.x: Versions before 14.1.101 (Patch 4)?id=CVE-2025-32975?kagi_q=CVE-2025-32975
Organizations using these products should ensure they have applied the latest available patches from Quest to mitigate the risk of administrative takeover [2].

Sources

  1. Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest ...

    CVE-2025-32975 (CVSS score: 10.0) refers to an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. Successful exploitation of the flaw could facilitate the complete takeover of administrative accounts. The issue was patched by Quest in…

  2. CVE-2025-32975: Quest KACE SMA Auth Bypass Vulnerability

    CVE-2025-32975 Overview CVE-2025-32975 is a critical authentication bypass vulnerability affecting Quest KACE Systems Management Appliance (SMA). The vulnerability exists in the SSO authentication handling mechanism and allows attackers to impersonate legitimate users without valid credentials, pote…

  3. CVE-2025-32975: The Open Directory Behind the KACE SMA Breach and 60 ...

    CVE-2025-32975 is a critical authentication bypass vulnerability in KACE SMA's SSO authentication handling mechanism with a CVSS score of 10.0. The flaw allows an unauthenticated, network-reachable attacker to impersonate legitimate users, including administrators, without supplying any credentials.

  4. CVE-2025-32975 Details - NVD

    CVE-2025-32975 Detail. Description. Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81 ... An official website of the United States government NVD MENU…

  5. CVE-2025-32975: Arctic Wolf Observes ...

    CVE-2025-32975: Arctic Wolf Observes Exploitation of Quest KACE Systems Management Appliance. Arctic Wolf has observed malicious activity in ... CVE-2025-32975 is a critical authentication bypass vulnerability that allows threat actors to impersonate legitimate users without valid credentials. The f…

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed