PT-2025-26740 · Quest · Quest Kace System Management Appliance

Mohamed Mahmoudi +1

Published 2025-06-24 · Updated 2026-06-05

CVE-2025-32975

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

- Quest KACE Systems Management Appliance (SMA) versions 13.0.x prior to 13.0.385
- Quest KACE Systems Management Appliance (SMA) versions 13.1.x prior to 13.1.81
- Quest KACE Systems Management Appliance (SMA) versions 13.2.x prior to 13.2.183
- Quest KACE Systems Management Appliance (SMA) versions 14.0.x prior to 14.0.341 (Patch 5)
- Quest KACE Systems Management Appliance (SMA) versions 14.1.x prior to 14.1.101 (Patch 4)

Description

An authentication bypass in the SSO authentication handling mechanism allows remote attackers to impersonate legitimate users without valid credentials, which can lead to complete administrative takeover. Other identified flaws include an error in cryptographic signature verification that allows backup files to be uploaded, and missing authentication for a critical function that can cause a denial of service. Real-world exploitation has been observed: threat actors have targeted internet-exposed appliances to execute remote commands via KPluginRunProcess and deliver Base64-encoded payloads using curl. One significant incident involved a managed service provider (MSP) whose compromise exposed over 60 downstream organizations across the government, healthcare, and education sectors. It is estimated that over 12,000 instances remain internet-facing and unpatched.

Recommendations

- Update versions 13.0.x to 13.0.385 or later.
- Update versions 13.1.x to 13.1.81 or later.
- Update versions 13.2.x to 13.2.183 or later.
- Update versions 14.0.x to 14.0.341 (Patch 5) or later.
- Update versions 14.1.x to 14.1.101 (Patch 4) or later.
- Remove the appliance from the public internet by using a firewall, VPN, or air-gapping the system.
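The affected-version ranges above are branch-specific, so a fleet inventory cannot be checked with a single "less than X" comparison. The following triage helper is an added example, not code from the advisory publisher or from Quest; it assumes SMA versions are reported as `major.minor.build` with an optional suffix such as `(Patch 4)`, and that the build numbers in the advisory (13.0.385, 13.1.81, 13.2.183, 14.0.341, 14.1.101) are the fixed builds for their branches. Hostnames and versions in the sample inventory are constructed.

```python
import re

# Fixed builds from the advisory, keyed by release branch (major, minor).
# For 14.0 and 14.1 the fix is shipped as "Patch 5" / "Patch 4"; the build
# number in the version string is what this check compares on.
FIXED_BUILDS = {
    (13, 0): (13, 0, 385),
    (13, 1): (13, 1, 81),
    (13, 2): (13, 2, 183),
    (14, 0): (14, 0, 341),
    (14, 1): (14, 1, 101),
}

# Accept "13.0.384", "14.1.101 (Patch 4)" etc.; anything after the build is ignored.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, build) parsed from an SMA version string."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(x) for x in m.groups())


def assess(text):
    """Classify one version string as 'vulnerable', 'fixed' or 'unlisted'.

    'unlisted' means the release branch is not covered by this advisory
    (e.g. 12.x or 15.x), so no conclusion is drawn from these ranges.
    """
    ver = parse_version(text)
    fixed = FIXED_BUILDS.get(ver[:2])
    if fixed is None:
        return "unlisted"
    return "vulnerable" if ver < fixed else "fixed"


def triage(inventory):
    """Map each host in a {hostname: version} inventory to its status."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts, not from the advisory).
    sample = {"sma-01": "13.2.182", "sma-02": "14.1.101 (Patch 4)", "sma-03": "12.1.50"}
    for host, status in triage(sample).items():
        print(f"{host}: {status}")
```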

Tags: Fix · RCE

Weakness Enumeration

- Improper Verification of Cryptographic Signature
- Authentication Bypass Using an Alternate Path or Channel
- Missing Authentication
- Improper Authentication

Related Identifiers

BDU:2025-10708
BDU:2026-00086
BDU:2026-00087
BDU:2026-00088
CVE-2025-32975

Affected Products

Quest Kace System Management Appliance