PT-2025-26740 · Quest · Quest Kace System Management Appliance
Author: Mohamed Mahmoudi (+1)
Published: 2025-06-24 · Updated: 2026-04-26
CVE-2025-32975
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Quest KACE Systems Management Appliance (SMA) versions 13.0.x prior to 13.0.385
Quest KACE Systems Management Appliance (SMA) versions 13.1.x prior to 13.1.81
Quest KACE Systems Management Appliance (SMA) versions 13.2.x prior to 13.2.183
Quest KACE Systems Management Appliance (SMA) versions 14.0.x prior to 14.0.341 (Patch 5)
Quest KACE Systems Management Appliance (SMA) versions 14.1.x prior to 14.1.101 (Patch 4)
Description
An authentication bypass exists in the SSO authentication handling mechanism, allowing remote attackers to impersonate legitimate users without valid credentials, which can lead to complete administrative takeover. Reported exploitation chains the bypass with remote command execution via the KPluginRunProcess() function, using curl to deliver Base64-encoded payloads and establishing persistence through registry changes. This flaw has been actively exploited in real-world incidents, specifically against internet-exposed systems and organizations in the education sector, enabling attackers to move laterally to managed endpoints and steal credentials. Other reported issues include improper verification of cryptographic signatures, which allows the upload of backup files, and missing authentication for critical functions, which could result in a denial of service.
Recommendations
Update versions 13.0.x to 13.0.385 or newer.
Update versions 13.1.x to 13.1.81 or newer.
Update versions 13.2.x to 13.2.183 or newer.
Update versions 14.0.x to 14.0.341 (Patch 5) or newer.
Update versions 14.1.x to 14.1.101 (Patch 4) or newer.
Restrict public internet exposure by using a firewall, VPN, or air-gapping the system.
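As an added illustration (not part of the original advisory or of Quest's software), the following Python snippet encodes the affected/fixed version pairs listed above so an administrator can check an inventory of appliance versions against them. The hostnames and version strings in the sample inventory are constructed; treating a trailing " (Patch N)" suffix as part of the display string, and any branch not listed above as "unlisted" rather than safe, are assumptions made here.

```python
"""Check Quest KACE SMA version strings against the ranges in this advisory (CVE-2025-32975)."""
from typing import Dict, List, Tuple

# First fixed build per affected branch, taken from the advisory text above.
FIXED_BY_BRANCH = {
    (13, 0): (13, 0, 385),
    (13, 1): (13, 1, 81),
    (13, 2): (13, 2, 183),
    (14, 0): (14, 0, 341),   # "(Patch 5)" in the advisory
    (14, 1): (14, 1, 101),   # "(Patch 4)" in the advisory
}

# Constructed sample inventory (hostname -> version as the appliance reports it).
SAMPLE_INVENTORY = {
    "sma-campus-01": "13.2.150",
    "sma-campus-02": "13.2.183",
    "sma-lab-01": "14.0.341 (Patch 5)",
    "sma-lab-02": "14.1.100",
    "sma-legacy": "12.1.170",   # branch not covered by this advisory
}


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse a dotted version like '13.2.150' into (major, minor, build).

    Assumption: anything after the first whitespace (e.g. ' (Patch 5)') is a
    display suffix and is ignored for the comparison.
    """
    core = text.strip().split()[0]
    parts = core.split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts[:3]):
        raise ValueError(f"unrecognised version string: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])


def assess(version: str) -> str:
    """Return 'vulnerable', 'fixed' or 'unlisted' for one appliance version.

    'unlisted' means the branch is not in the advisory's table, so this check
    cannot say anything about it; it must not be read as 'safe'.
    """
    major, minor, build = parse_version(version)
    fixed = FIXED_BY_BRANCH.get((major, minor))
    if fixed is None:
        return "unlisted"
    return "vulnerable" if (major, minor, build) < fixed else "fixed"


def triage(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    """Group hostnames by assessment so the 'vulnerable' list can drive patching."""
    groups: Dict[str, List[str]] = {"vulnerable": [], "fixed": [], "unlisted": []}
    for host, ver in inventory.items():
        groups[assess(ver)].append(host)
    for names in groups.values():
        names.sort()
    return groups


if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status:>10}: {', '.join(hosts) or '-'}")
```

Feed `triage()` an export from your asset inventory; hosts in the "vulnerable" group need the update from the recommendations above, and hosts in "unlisted" need a manual look at the vendor's guidance because the advisory does not cover their branch.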
Tags: Fix, RCE, Improper Verification of Cryptographic Signature, Improper Authentication, Missing Authentication, Authentication Bypass Using an Alternate Path or Channel
Affected Products: Quest Kace System Management Appliance