CVE-2025-32975
Published: 24 June 2025
Summary
CVE-2025-32975 is a critical-severity Improper Authentication (CWE-287) vulnerability in Quest Kace Systems Management Appliance. Its CVSS base score is 10.0 (Critical).
Operationally, ranked in the top 2.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication (Organizational Users)).
Deeper analysis
Quest KACE Systems Management Appliance (SMA) versions 13.0.x prior to 13.0.385, 13.1.x prior to 13.1.81, 13.2.x prior to 13.2.183, 14.0.x prior to 14.0.341 Patch 5, and 14.1.x prior to 14.1.101 Patch 4 contain an authentication bypass vulnerability in the SSO authentication handling mechanism. The flaw, tracked as CWE-287 with a CVSS score of 10.0, permits attackers to impersonate legitimate users without supplying valid credentials and can result in full administrative control of the appliance.
Unauthenticated remote attackers can exploit the issue over the network to bypass authentication entirely, impersonate any user account, and achieve complete administrative takeover of the KACE SMA instance. No user interaction or prior privileges are required for successful exploitation.
Vendor guidance from Quest directs customers to apply the listed patches for each affected branch. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild and underscoring the need for immediate remediation.
The EPSS score rose materially from a low baseline to a peak of 0.7531 on 2026-04-21 before receding to the current value of 0.3931, indicating that exploitation interest increased after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-19028
Vulnerability details
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid…
more
credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
- CWE(s)
- KEV Date Added
- 20 April 2026
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces authentication decisions before granting access, blocking the SSO bypass that allows impersonation without credentials.
Requires verified identification and authentication of users prior to system access, directly countering the improper authentication flaw in the SSO mechanism.
Mandates timely application of vendor patches that remediate the authentication bypass vulnerability in affected KACE SMA versions.