Vulnerability Details CVE-2025-32975
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.454
EPSS Ranking 97.6%
CVSS Severity
CVSS v3 Score 10.0
Proposed Action
Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.
Ransomware Campaign
Unknown
References
- https://seclists.org/fulldisclosure/2025/Jun/22
- https://seralys.com/research/CVE-2025-32975.txt
- https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978
- http://seclists.org/fulldisclosure/2025/Jun/25
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32975
Products affected by CVE-2025-32975
-
cpe:2.3:a:quest:kace_systems_management_appliance:*