PT-2025-26743 · Quest · Quest Kace System Management Appliance
Mohamed Mahmoudi
+1
·
Published
2025-06-24
·
Updated
2026-03-20
·
CVE-2025-32978
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions:
Quest KACE Systems Management Appliance (SMA) versions 13.0.x through 13.0.384
Quest KACE Systems Management Appliance (SMA) versions 13.1.x through 13.1.80
Quest KACE Systems Management Appliance (SMA) versions 13.2.x through 13.2.182
Quest KACE Systems Management Appliance (SMA) versions 14.0.x through 14.0.340 (before Patch 5)
Quest KACE Systems Management Appliance (SMA) versions 14.1.x through 14.1.100 (before Patch 4)
Description:
The issue allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service.
Recommendations:
For versions 13.0.x through 13.0.384, update to version 13.0.385 or later.
For versions 13.1.x through 13.1.80, update to version 13.1.81 or later.
For versions 13.2.x through 13.2.182, update to version 13.2.183 or later.
For versions 14.0.x through 14.0.340, apply Patch 5 or later.
For versions 14.1.x through 14.1.100, apply Patch 4 or later.
Fix
DoS
Missing Authentication
Authentication Bypass Using an Alternate Path or Channel
Improper Authentication
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Quest Kace System Management Appliance