Quest KACE SMA, an endpoint management platform, has been targeted by attackers exploiting CVE-2025-32975, a severe authentication bypass vulnerability, according to a report by Hunt.io. This flaw, with a CVSS score of 10.0, allows unauthenticated attackers to impersonate users, including administrators, without credentials. The vulnerability's exploitation highlights the significant risks associated with unpatched systems in enterprise environments, with further coverage provided by Security Affairs.The critical vulnerability CVE-2025-32975 in Quest KACE Systems Management Appliance (SMA) was actively exploited by attackers who had not patched the system for 10 months after a fix was released in May 2025. The flaw enabled attackers to bypass authentication and gain access to the system. In one documented incident, attackers compromised a managed services provider (MSP), HIQ, which managed IT for over 60 organizations across sectors including law enforcement, healthcare, and education. The attackers exfiltrated a 512 MB database dump containing sensitive information about HIQ's clients and operations. The sophisticated toolkit used by the attackers included tools for reverse shells, command and control, account creation, credential spraying, reconnaissance, and establishing persistent network access.This incident underscores the significant supply chain risk posed by unpatched vendor software, as the downstream organizations were impacted despite not directly using the vulnerable KACE SMA system themselves. Researchers identified over 12,000 internet-facing KACE 1000 appliances potentially vulnerable due to outdated versions.Source: Security Affairs
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds




