Vulnerability Description
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
CVSS Score
10.0 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quest | KACE Systems Management Appliance | >= 13.0, < 13.0.385 |
Related Weaknesses (CWE)
References
- https://seclists.org/fulldisclosure/2025/Jun/22 (Mailing List, Third Party Advisory)
- https://seralys.com/research/CVE-2025-32975.txt (Third Party Advisory)
- https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities- (Vendor Advisory)
- http://seclists.org/fulldisclosure/2025/Jun/25 (Mailing List, Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025- (US Government Resource)
FAQ
What is CVE-2025-32975?
CVE-2025-32975 is a vulnerability with a CVSS score of 10.0 (CRITICAL). Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an ...
How severe is CVE-2025-32975?
CVE-2025-32975 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2025-32975?
Check the references section above for vendor advisories and patch information. Affected products include: Quest KACE Systems Management Appliance.