Exposures › CVE-2025-32975
Quest KACE SMA allows impersonation without credentials, enabling attackers to bypass authentication controls.
This vulnerability permits attackers to impersonate legitimate users without valid credentials, undermining identity verification in Quest KACE SMA deployments. DIB organizations must patch immediately to prevent unauthorized access to management consoles and potentially escalate privileges within the environment.
Shame score — The vulnerability is actively exploited but represents a known authentication bypass rather than a novel zero-day or supply-chain failure.
Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.
No correlated FedRAMP products.