PT-2025-26740 · Quest · Quest Kace System Management Appliance
Mohamed Mahmoudi (+1)
Published: 2025-06-24 · Updated: 2025-06-26
CVE-2025-32975
CVSS v3.1: 10 (Critical) | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Quest KACE Systems Management Appliance (SMA) versions 13.0.x through 13.0.384
Quest KACE Systems Management Appliance (SMA) versions 13.1.x through 13.1.80
Quest KACE Systems Management Appliance (SMA) versions 13.2.x through 13.2.182
Quest KACE Systems Management Appliance (SMA) versions 14.0.x through 14.0.340 (before Patch 5)
Quest KACE Systems Management Appliance (SMA) versions 14.1.x through 14.1.100 (before Patch 4)
Description:
An authentication bypass in the SSO authentication handling mechanism allows unauthenticated attackers to impersonate legitimate users without valid credentials. Successful exploitation can lead to complete administrative takeover of the appliance.
Recommendations:
For versions 13.0.x through 13.0.384, update to version 13.0.385 or later.
For versions 13.1.x through 13.1.80, update to version 13.1.81 or later.
For versions 13.2.x through 13.2.182, update to version 13.2.183 or later.
For versions 14.0.x through 14.0.340, apply Patch 5 or later.
For versions 14.1.x through 14.1.100, apply Patch 4 or later.
Tags: Fix, RCE, Missing Authentication, Improper Verification of Cryptographic Signature, Improper Authentication, Authentication Bypass Using an Alternate Path or Channel