COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2025-32975

CVE-2025-32975

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-20
Reference
https://nvd.nist.gov/vuln/detail/CVE-2025-32975
⌖ exploited in the wild shame 45/100 exploited-in-wildauth-bypass

Quest KACE SMA allows impersonation without credentials, enabling attackers to bypass authentication controls.

This vulnerability permits attackers to impersonate legitimate users without valid credentials, undermining identity verification in Quest KACE SMA deployments. DIB organizations must patch immediately to prevent unauthorized access to management consoles and potentially escalate privileges within the environment.

Shame score — The vulnerability is actively exploited but represents a known authentication bypass rather than a novel zero-day or supply-chain failure.

Players implicated

Quest · vendorKACE Systems Management Appliance (SMA) · product

Description

Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.