CVE-2025-32975

Published Jun 24, 2025

Last updated 2 months ago

Exploit known
CVSS critical 10.0
Smb
web application
Cloud
Zero-day
Server
OT
Port (443)
Firmware
SMA
Quest KACE

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-32975 is an authentication bypass vulnerability found in the Quest KACE Systems Management Appliance (SMA). This flaw specifically resides within the Single Sign-On (SSO) authentication handling mechanism of the affected software. Exploitation of this vulnerability allows an attacker to impersonate legitimate users, including those with administrative privileges, without needing valid credentials. This can lead to unauthorized access and potential administrative control over the compromised KACE SMA system. The vulnerability is categorized under CWE-287, which refers to improper authentication.

Description
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
Source
cve@mitre.org
NVD status
Analyzed
Products
kace_systems_management_appliance

Risk scores

CVSS 3.1

Type
Secondary
Base score
10
Impact score
6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
Exploit added on
Apr 20, 2026
Exploit action due
May 4, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-287

Social media

Hype score
Not currently trending
  1. Quest KACE SMA CVE-2025-32975 (CVSS 10) exploited in the wild. Attackers bypass auth to seize admin control. Patch to version 14.1.101 or 14.0.341 now! #QuestKACE #CyberSecurity #InfoSec #EndpointManagement #VulnerabilityAlert #CVE #SupplyChainAttack https://t.co/AJbB4WzKQj http

    @the_yellow_fall

    16 May 2026

    1141 Impressions

    2 Retweets

    9 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  2. Quest KACE SMA, an endpoint management platform, has been targeted by attackers exploiting CVE-2025-32975, a severe authentication bypass vulnerability, according to a report by Hunt.io. https://t.co/pLw1aHtV3I

    @blackwired32799

    15 May 2026

    265 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. #Quest #KACE #SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations https://t.co/8ksQ5b9We1 #securityaffairs #hacking

    @securityaffairs

    14 May 2026

    428 Impressions

    0 Retweets

    0 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  4. #Quest #KACE #SMA #vulnerabilities #flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations https://t.co/1fVobApePk https://t.co/ck0zFnpaHy

    @omvapt

    14 May 2026

    210 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-32975: How a Single Unpatched Quest KACE SMA Instance Affected 60 Organizations https://t.co/t0S5klHaL2

    @CyberSecuriUS

    14 May 2026

    216 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations - https://t.co/jQhLoHgmMZ

    @Whitehead4Jeff

    13 May 2026

    192 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Learn about the Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations. Uncover the Quest KACE SMA flaw CVE-2025-32975: where one unpatched tool opens the door to 60 organizations https://t.co/TmfFD3nN79 #Cyb

    @fad_777

    13 May 2026

    175 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations https://t.co/I5Y8t16km4

    @Dinosn

    13 May 2026

    1219 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations: CVE-2025-32975 is a critical flaw in Quest KACE SMA used for endpoint management. If exploited, it could impact all managed systems across organizations.… https://t.co/982WNUlgSE htt

    @shah_sheikh

    13 May 2026

    214 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. #Quest #KACE #SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations https://t.co/8ksQ5b9We1 #securityaffairs #hacking @Huntio

    @securityaffairs

    13 May 2026

    1112 Impressions

    4 Retweets

    5 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  11. CVE-2025-32975: The Open Directory Behind the KACE SMA Breach and 60+ Downstream Victims https://t.co/ZLtYqNl6KG

    @yactina1336

    12 May 2026

    198 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. 🚨 NEW RESEARCH: CVE-2025-32975 - How the Quest KACE SMA Breach Exposed 60+ Organizations CVE-2025-32975 is a CVSS 10.0 auth bypass in Quest KACE SMA. Patch dropped May 2025. Active exploitation tracked as recently as March 2026: https://t.co/Xj88y3FMpz https://t.co/mfvOWuRQ

    @Huntio

    12 May 2026

    827 Impressions

    4 Retweets

    5 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  13. 🚨 NEW RESEARCH: CVE-2025-32975 - How the Quest KACE SMA Breach Exposed 60+ Organizations CVE-2025-32975 is a CVSS 10.0 auth bypass in Quest KACE SMA. Patch dropped May 2025. Active exploitation tracked as recently as March 2026: https://t.co/Xj88y3FMpz https://t.co/mfvOWuRQ

    @Huntio

    12 May 2026

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CVE-2025-32975 is a critical authentication bypass vulnerability on KACE - https://t.co/k0MYpoLHR0…

    @hackingprincesa

    27 Apr 2026

    216 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  15. CISA added CVE-2025-32975 to KEV: auth bypass in Quest KACE SMA. An attacker impersonates any user — admins included — with no password. KACE pushes patches to your fleet, so owning it owns every endpoint it manages. https://t.co/hUMQKCGiLD

    @TechTranslators

    25 Apr 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Legacy exposure keeps paying off for attackers. CISA KEV flags Quest KACE SMA auth bypass as a high-prior… CVE-2025-32975 puts Quest KACE SMA on the urgent patch list after CISA added the authentica… 🔗 Read → https://t.co/H8F1a8fuPR

    @fynn_JourX

    22 Apr 2026

    115 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  17. For defenders, cisa kev flags quest kace sma auth bypass as a high-priority ri… should move fast. CVE-2025-32975 puts Quest KACE SMA on the urgent patch list after CISA added the authentica… 🔗 Details → https://t.co/sQmK6z2YuH

    @SocXAInvaders

    22 Apr 2026

    112 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  18. 🛑 CISA KEV flags Quest KACE SMA auth bypass as a high-priority risk CVE-2025-32975 puts Quest KACE SMA on the urgent patch list after CISA added the authentica… 🔗 Details → https://t.co/lfSAN5lHNc

    @lucasverdan

    22 Apr 2026

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  19. CISA added eight vulnerabilities to its Known Exploited Vulnerabilities catalog, including critical flaws in Cisco Catalyst SD-WAN Manager and PaperCut NG/MF. Notable vulnerabilities include CVE-2025-32975 (CVSS 10. https://t.co/bvKoGUT1mD

    @securityRSS

    21 Apr 2026

    104 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. Warning: Authentication bypass vulnerability in #Quest KACE Systems Management Appliance. #CVE-2025-32975 CVSS: 10.0. This vulnerability was added to the #CISA #KEV catalogue. It is #actively exploited to achieve complete takeover. #RCE! https://t.co/isOpnOOwxE #Patch #Patch

    @CCBalert

    21 Apr 2026

    193 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2025-32975 #Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability https://t.co/5MPFnD3bxO

    @ScyScan

    21 Apr 2026

    138 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  22. CISA just added 8 vulnerabilities to Known Exploited Catalog. Active exploitation confirmed. CVE-2025-48700 (Zimbra XSS), CVE-2025-32975 (Quest KACE), CVE-2024-27199 (JetBrains TeamCity). If you're running these, you're already compromised. #Cybersecurity #CISA

    @battista212

    20 Apr 2026

    185 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. 🛡️ CVE-2025-32975: Critical Authentication Vulnerability in Quest KACE SMA Technical analysis of the CVE-2025-32975 vulnerability in Quest KACE Systems Management Appliance, with critical impact (CVSS 10.0) and recommendations to mitigate https://t.co/VuI1L5G0Xg #ciberp

    @CiberPlanetaOrg

    20 Apr 2026

    119 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  24. 🛡️ Security Alert: Improper Authentication Vulnerability in Quest KACE Systems Management Appliance (SMA) (CVE-2025-32975) Quest KACE SMA has an improper authentication vulnerability (CWE-287) that allows attackers to impersonate legitimate users without cred

    @CiberPlanetaOrg

    20 Apr 2026

    117 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  25. Critical Quest KACE SMA vulnerability CVE-2025-32975 is being exploited! CVSS score 10.0 authentication bypass creates a risk of system takeover https://t.co/rKvzk2F25W https://t.co/860Fl7OCtV

    @gadgetota123

    15 Apr 2026

    66 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  26. The critical CVE-2025-32975 vulnerability threatens Quest KACE SMA systems and gives attackers full control. Details.. https://t.co/VGwOvY8i7C #مركز_الأمن_السيبراني_للابحاث_والدراسات https://t.co/uSiWBWPoBu

    @ccforrs

    4 Apr 2026

    187 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  27. The critical CVE-2025-32975 vulnerability threatens Quest KACE SMA systems and gives attackers full control. Details.. https://t.co/pplfSwCNpM #مركز_الأمن_السيبراني_للابحاث_والدراسات https://t.co/eGckHv9dro

    @ccforrs

    3 Apr 2026

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  28. Arctic Wolf has observed malicious activity in customer environments potentially linked to the exploitation of CVE-2025-32975 on unpatched Quest KACE Systems Management Appliance (SMA) instances that were publicly exposed to the internet: https://t.co/6s5lyALSzR

    @AWNetworks

    30 Mar 2026

    751 Impressions

    3 Retweets

    8 Likes

    1 Bookmark

    0 Replies

    0 Quotes

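  29. Attack chain targeting Quest KACE SMA: exploiting the authentication bypass vulnerability CVE-2025-32975 https://t.co/FTYias7QLT The cause of this attack is the vulnerability CVE-2025-32975, which exists in the SSO authentication handling mechanism of Quest KACE SMA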

    @iototsecnews

    30 Mar 2026

    179 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  30. 🛑 CVE-2025-32975: Quest KACE SMA auth bypass exploited in the wild CVE-2025-32975 in Quest KACE SMA is under active exploitation, enabling admin takeover on u… 🔗 Details → https://t.co/j0macl55WK

    @lucasverdan

    27 Mar 2026

    103 Impressions

    1 Retweet

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  31. ⚠ Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems https://t.co/qbLBxPtJfC #CVE #ZeroDay #Vulnerability #PatchNow #CyberSecurity

    @guliguli480644

    26 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Legacy exposure keeps paying off for attackers. CVE-2025-32975: Quest KACE SMA auth bypass exploited in t… CVE-2025-32975 in Quest KACE SMA is under active exploitation, enabling admin takeover on u… 🔗 Read → https://t.co/M1MmHrctPY

    @fynn_JourX

    25 Mar 2026

    96 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  33. Active exploitation of CVE-2025-32975 allows takeover of unpatched Quest KACE SMA https://t.co/BhF7wuEn4G #Internet #Noticia #Tecnología #ciberSeguridad via @unaaldia https://t.co/fbYAmrG2AE

    @Securizame

    25 Mar 2026

    235 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  34. Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems https://t.co/tqzW6K3yRS https://t.co/4J1o7gSUMy

    @TonyBeeTweets

    25 Mar 2026

    131 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. #Hackers exploit the CVE-2025-32975 (CVSS 10.0) to hijack the unpatched Quest KACE SMA systems. #CyberSecurity #InfoSec https://t.co/MKefKv5aB2 https://t.co/7cJcyQfp6k

    @twelvesec

    25 Mar 2026

    157 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. CVE-2025-32975 just hit Quest KACE SMA systems. CVSS: 10.0, perfect score. No credentials needed. Attackers walk straight into admin accounts. Patch dropped May 2025. Systems still getting hit weren't patched. Unpatched known vulns aren't bad luck. They're a choice.

    @Amir_secures

    24 Mar 2026

    131 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  37. https://t.co/mrwRqUC42P Critical CVE-2025-32975 Vulnerability in Quest KACE SMA Being Actively Exploited

    @pkhackers1337

    24 Mar 2026

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. Critical vulnerability CVE-2025-32975 exploited in unpatched Quest KACE SMA systems. Ensure your systems are updated to prevent unauthorized access. Link: https://t.co/lypTPvml0V #Security #Vulnerability #Hacking #Threat #Exploit #Update #Patch #Systems #Unauthorized #Access http

    @dailytechonx

    24 Mar 2026

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. The exploitation of CVE-2025-32975, with its perfect CVSS score of 10.0, marks a dangerous escalation in the targeting of enterprise asset management tools like Quest's KACE SMA. Zero-day vulnerabilities in patch management workflows are increasingly lucrative attack vectors, htt

    @ZambeziSentinel

    24 Mar 2026

    165 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  40. CVE-2025-32975 (CVSS 10.0) actively exploited on unpatched Quest KACE SMA systems. Auth bypass → admin takeover → Mimikatz → encoded payloads via curl. Patch has been available since May 2025. If your KACE SMA is still unpatched, fix it now.

    @theSEalpha

    24 Mar 2026

    112 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  41. Researchers discovered hackers exploiting CVE-2025-32975, a CVSS 10.0 flaw in Quest KACE SMA. The authentication bypass allows total admin takeover. Arctic Wolf reports active attacks involving credential harvesting and lateral movement to backup infra #cybersecurity

    @CyberTLDR

    24 Mar 2026

    4 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  42. CVE-2025-32975 exploitation (ES) https://t.co/RdLQhNNX89

    @0x6D6172636F

    24 Mar 2026

    252 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems https://t.co/HwAaTZCONp via @TheHackersNews

    @DCICyberSecNews

    24 Mar 2026

    122 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. Critical Quest KACE SMA RCE (CVE-2025-32975) Under Attack - https://t.co/Pr0Mj66mm9

    @Cyberwarzonecom

    24 Mar 2026

    136 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. 🚨 CVE-2025-32975 is being exploited against unpatched Quest KACE SMA systems. Patch immediately and do not expose SMA instances to the internet. 🛡️ https://t.co/fpKbFn6n04 #CyberSecurity #QuestKACE #CVE202532975 #InfoSec #Vulert

    @vulert_official

    24 Mar 2026

    105 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. For defenders, cve-2025-32975: quest kace sma auth bypass exploited in the wild should move fast. CVE-2025-32975 in Quest KACE SMA is under active exploitation, enabling admin takeover on u… 🔗 Details → https://t.co/p55yyv4QKU

    @SocXAInvaders

    24 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Top 5 Trending CVEs: 1 - CVE-2026-21992 2 - CVE-2025-5777 3 - CVE-2026-3909 4 - CVE-2025-32975 5 - CVE-2008-0166 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    24 Mar 2026

    179 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. CVE-2025-32975: Arctic Wolf Observes Exploitation of Quest KACE Systems Management Appliance https://t.co/huYu5lAPyJ #patchmanagement

    @eyalestrin

    24 Mar 2026

    158 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    1 Quote

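  49. [The iron rule] Getting out is 100 times harder than getting in! The Quest KACE vulnerability CVE-2025-32975 has the maximum severity of 10.0. Taking action before you get taken over is vital, and investing is the same! Unless you settle on an exit strategy of "sell at X yen" before you buy, you get stuck holding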

    @acoico_news

    24 Mar 2026

    117 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. Quest KACE SMA CVE-2025-32975 (CVSS 10.0) enables unauthenticated SSO bypass leading to admin takeover. Active exploitation observed since March 9th targeting internet-exposed systems. Patch immediately and remove public exposure. #DFIR_Radar https://t.co/DeYuGJGcv7

    @DFIR_Radar

    24 Mar 2026

    93 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

Configurations