CVE-2025-32975

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 24 June 2025
Modified: 21 April 2026
KEV Added: 20 April 2026
CVSS Score (v3.1): 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.3931 (97.4th percentile)
Risk Priority: 64 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-32975 is a critical-severity Improper Authentication (CWE-287) vulnerability in the Quest KACE Systems Management Appliance (SMA). Its CVSS v3.1 base score is 10.0 (Critical): network-reachable, low complexity, no privileges or user interaction required, with a scope change and high impact on confidentiality, integrity and availability.

Operationally, it ranks in the top 2.6% of CVEs by exploit likelihood (EPSS 0.3931, 97.4th percentile), and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-2 (Identification and Authentication, Organizational Users); in practice both are satisfied for this flaw only by applying the vendor fix, since the bypass sits in the appliance's own SSO handler.

Deeper analysis

Quest KACE Systems Management Appliance (SMA) versions 13.0.x prior to 13.0.385, 13.1.x prior to 13.1.81, 13.2.x prior to 13.2.183, 14.0.x prior to 14.0.341 Patch 5, and 14.1.x prior to 14.1.101 Patch 4 contain an authentication bypass vulnerability in the SSO authentication handling mechanism. The flaw, tracked as CWE-287 with a CVSS score of 10.0, permits attackers to impersonate legitimate users without supplying valid credentials and can result in full administrative control of the appliance.

Unauthenticated remote attackers can exploit the issue over the network to bypass authentication entirely, impersonate any user account, and achieve complete administrative takeover of the KACE SMA instance. No user interaction or prior privileges are required for successful exploitation.

Vendor guidance from Quest directs customers to apply the listed patches for each affected branch. CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild and underscoring the need for immediate remediation.

The EPSS score rose materially from a low baseline to a peak of 0.7531 on 2026-04-21, the day after the CVE was added to KEV, before receding to the current value of 0.3931. The timing indicates that exploitation interest spiked around the KEV listing, some ten months after the June 2025 publication, rather than at initial disclosure; even the current value still places the CVE in the 97.4th percentile.

Vulnerability details

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.

CWE(s): CWE-287 (Improper Authentication)
KEV Date Added: 20 April 2026

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Quest KACE Systems Management Appliance (SMA): 13.0.x before 13.0.385 · 13.1.x before 13.1.81 · 13.2.x before 13.2.183 · 14.0.x before 14.0.341 Patch 5 · 14.1.x before 14.1.101 Patch 4
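As an added example (not the page's or Quest's own code), the Python below turns the affected-version ranges listed above and the Risk Priority weighting from the header block into checks a practitioner can run against an asset inventory. Two things are assumptions: the version-string format "MAJOR.MINOR.BUILD [Patch N]" for an installed SMA, and the way each risk input is scaled to 0..100 (EPSS probability ×100, KEV listed as 100, CVSS base score ×10), chosen so that the page's own inputs (EPSS 0.3931, KEV listed, CVSS 10.0) reproduce the displayed value of 64.

```python
"""Triage helper for CVE-2025-32975 (Quest KACE SMA SSO authentication bypass).

Added example, not Quest's or this page's code.  It shows:
  1. is_affected(): decide from an installed SMA version string whether the
     build falls inside one of the affected ranges given in the advisory.
  2. risk_priority(): reproduce the page's "Risk Priority" from its stated
     weighting (60% EPSS, 20% KEV, 20% CVSS).  The 0..100 scaling of each
     input is an ASSUMPTION that reproduces the displayed value of 64.
The version-string format "MAJOR.MINOR.BUILD [Patch N]" is also an assumption.
"""
import re

# First fixed (build, patch) per branch, taken from the advisory text.
# Anything ordered below the fixed pair is affected; the pair itself and
# anything later is fixed.  A build with no "Patch N" suffix is patch 0.
FIXED_BUILDS = {
    (13, 0): (385, 0),
    (13, 1): (81, 0),
    (13, 2): (183, 0),
    (14, 0): (341, 5),   # 14.0.341 Patch 5
    (14, 1): (101, 4),   # 14.1.101 Patch 4
}

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s+Patch\s+(\d+))?\s*$", re.I)


def parse_version(text):
    """Parse 'MAJOR.MINOR.BUILD [Patch N]' into (major, minor, build, patch)."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised SMA version string: {text!r}")
    major, minor, build, patch = m.groups()
    return int(major), int(minor), int(build), int(patch or 0)


def is_affected(version_text):
    """True if the version is in an affected range, False if it carries the fix.

    Returns None for branches the advisory does not mention (e.g. 12.x or
    15.x): the page makes no statement about them, so neither does this.
    """
    major, minor, build, patch = parse_version(version_text)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return None
    # Tuple comparison orders by build first, then patch level, so
    # 14.0.341 Patch 4 < 14.0.341 Patch 5 but 14.0.350 > 14.0.341 Patch 5.
    return (build, patch) < fixed


def risk_priority(epss, in_kev, cvss):
    """Weighted 0..100 priority: 60% EPSS, 20% KEV, 20% CVSS (rounded).

    ASSUMED scaling: EPSS probability x100, KEV listed -> 100 else 0,
    CVSS base score x10.  With the page's inputs (0.3931, KEV, 10.0) this
    gives 63.6, which rounds to the displayed 64.
    """
    if not 0.0 <= epss <= 1.0:
        raise ValueError("epss must be a probability in 0..1")
    if not 0.0 <= cvss <= 10.0:
        raise ValueError("cvss must be a base score in 0..10")
    score = 0.6 * (epss * 100) + 0.2 * (100 if in_kev else 0) + 0.2 * (cvss * 10)
    return round(score)


if __name__ == "__main__":
    # Constructed sample inventory entries, one per branch plus an unlisted one.
    for v in ["13.2.182", "13.2.183", "14.0.341 Patch 4",
              "14.0.341 Patch 5", "14.1.101", "12.1.169"]:
        print(f"{v:18s} affected={is_affected(v)}")
    print("risk priority now :", risk_priority(0.3931, True, 10.0))
    print("risk priority peak:", risk_priority(0.7531, True, 10.0))
```

Feeding the same helper the EPSS peak of 0.7531 from the analysis above yields 85, which is the scale of the jump the KEV listing produced under this weighting.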

Mitigating Controls (NIST 800-53 r5)

These are catalog mappings, not workarounds: the flaw is in the appliance's own SSO authentication handler, so the controls below are met for this CVE by installing the fixed build for each branch. Until that is done, reducing network exposure of the appliance's web interface is the only way to narrow the AV:N attack surface.

prevent · AC-3 (Access Enforcement): Directly enforces authentication decisions before granting access, blocking the SSO bypass that allows impersonation without credentials.

prevent · IA-2 (Identification and Authentication, Organizational Users): Requires verified identification and authentication of users prior to system access, directly countering the improper authentication flaw in the SSO mechanism.

prevent · SI-2 (Flaw Remediation): Mandates timely application of vendor patches that remediate the authentication bypass vulnerability in affected KACE SMA versions.
