PT-2025-26740 · Quest · Quest Kace System Management Appliance
Mohamed Mahmoudi +1 · Published 2025-06-24 · Updated 2026-03-25 · CVE-2025-32975
CVSS v3.1: 10 Critical | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Quest KACE Systems Management Appliance (SMA) versions 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4)
Description
The Quest KACE Systems Management Appliance (SMA) is affected by authentication bypass issues. Successful exploitation allows attackers to impersonate legitimate users without valid credentials, potentially leading to complete administrative takeover. Reports indicate active exploitation of this issue, with attackers gaining administrative control and moving laterally within affected networks. The vulnerability exists in the Single Sign-On (SSO) authentication handling mechanism. Multiple reports indicate that systems in the education sector have been targeted. Attackers are utilizing techniques such as bypassing authentication, executing commands via KPluginRunProcess, delivering Base64-encoded payloads through curl, establishing persistence via registry changes, and employing tools like Mimikatz for credential theft.
Recommendations
Quest KACE Systems Management Appliance (SMA) versions 13.0.x before 13.0.385: Update to version 13.0.385 or later.
Quest KACE Systems Management Appliance (SMA) versions 13.1.x before 13.1.81: Update to version 13.1.81 or later.
Quest KACE Systems Management Appliance (SMA) versions 13.2.x before 13.2.183: Update to version 13.2.183 or later.
Quest KACE Systems Management Appliance (SMA) versions 14.0.x before 14.0.341 (Patch 5): Update to version 14.0.341 (Patch 5) or later.
Quest KACE Systems Management Appliance (SMA) versions 14.1.x before 14.1.101 (Patch 4): Update to version 14.1.101 (Patch 4) or later.
Restrict internet access to the KACE SMA appliance.
Review system logs for suspicious activity, including unauthorized access attempts and unusual command executions.
Assume a potential breach and conduct a thorough compromise assessment if the system was exposed.
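To apply the version thresholds above across an appliance inventory, the following added example (not part of the original advisory or any Quest tooling) classifies version strings against the fixed builds listed here. It assumes versions are reported as three dot-separated integers (major.minor.build); the hostnames and sample versions are constructed.

```python
import re

# First fixed build per release branch, taken from the advisory text above.
FIXED = {
    (13, 0): 385,
    (13, 1): 81,
    (13, 2): 183,
    (14, 0): 341,  # Patch 5
    (14, 1): 101,  # Patch 4
}

# Assumption: versions look like "14.1.101" (major.minor.build).
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def triage(version: str) -> str:
    """Classify one KACE SMA version string against CVE-2025-32975.

    Returns "vulnerable", "fixed", "unlisted" (branch not covered by the
    advisory, so it needs a manual check) or "unparseable".
    """
    m = VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, minor, build = (int(g) for g in m.groups())
    first_fixed = FIXED.get((major, minor))
    if first_fixed is None:
        return "unlisted"
    return "fixed" if build >= first_fixed else "vulnerable"


def triage_inventory(rows):
    """Group (hostname, version) pairs by triage result."""
    report = {}
    for host, version in rows:
        report.setdefault(triage(version), []).append(host)
    return report


# Constructed sample inventory: hostnames and versions are made up.
SAMPLE = [
    ("kace-hq", "14.1.101"), ("kace-lab", "14.0.340"), ("kace-dr", "13.2.183"),
    ("kace-old", "12.1.169"), ("kace-edu", "13.1.80"), ("kace-bad", "14.1"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE).items()):
        print(f"{status:12} {', '.join(hosts)}")
```

Hosts reported as "unlisted" or "unparseable" are not cleared by this check and need to be verified by hand.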
Fix
RCE
Improper Authentication
Authentication Bypass Using an Alternate Path or Channel
Improper Verification of Cryptographic Signature
Missing Authentication
Related Identifiers
Affected Products
Quest Kace System Management Appliance