Patch/Configuration Management

Critical Quest KACE SMA flaw exploited after 10 months

Quest KACE SMA, an endpoint management platform, has been targeted by attackers exploiting CVE-2025-32975, a severe authentication bypass vulnerability, according to a report by Hunt.io. This flaw, with a CVSS score of 10.0, allows unauthenticated attackers to impersonate users, including administrators, without credentials. The vulnerability's exploitation highlights the significant risks associated with unpatched systems in enterprise environments, with further coverage provided by Security Affairs.

The critical vulnerability CVE-2025-32975 in Quest KACE Systems Management Appliance (SMA) was actively exploited by attackers who had not patched the system for 10 months after a fix was released in May 2025. The flaw enabled attackers to bypass authentication and gain access to the system. In one documented incident, attackers compromised a managed services provider (MSP), HIQ, which managed IT for over 60 organizations across sectors including law enforcement, healthcare, and education. The attackers exfiltrated a 512 MB database dump containing sensitive information about HIQ's clients and operations. The sophisticated toolkit used by the attackers included tools for reverse shells, command and control, account creation, credential spraying, reconnaissance, and establishing persistent network access.

This incident underscores the significant supply chain risk posed by unpatched vendor software, as the downstream organizations were impacted despite not directly using the vulnerable KACE SMA system themselves. Researchers identified over 12,000 internet-facing KACE 1000 appliances potentially vulnerable due to outdated versions.

Source: Security Affairs

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds