PT-2025-26742 · Quest · Quest Kace System Management Appliance

Mohamed Mahmoudi +1 · Published 2025-06-24 · Updated 2026-03-20 · CVE-2025-32977

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Quest KACE Systems Management Appliance (SMA) versions 13.0.x through 13.0.384
Quest KACE Systems Management Appliance (SMA) versions 13.1.x through 13.1.80
Quest KACE Systems Management Appliance (SMA) versions 13.2.x through 13.2.182
Quest KACE Systems Management Appliance (SMA) versions 14.0.x through 14.0.340 (before Patch 5)
Quest KACE Systems Management Appliance (SMA) versions 14.1.x through 14.1.100 (before Patch 4)
Description: The issue allows unauthenticated users to upload backup files to the system. Although signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content, potentially compromising system integrity.
Recommendations: For versions 13.0.x through 13.0.384, update to version 13.0.385 or later. For versions 13.1.x through 13.1.80, update to version 13.1.81 or later. For versions 13.2.x through 13.2.182, update to version 13.2.183 or later. For versions 14.0.x through 14.0.340, apply Patch 5 or later. For versions 14.1.x through 14.1.100, apply Patch 4 or later.

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

BDU:2026-00087
CVE-2025-32977

Affected Products

Quest Kace System Management Appliance