CP
cyberpings
VulnerabilitiesHIGH

CVE-2025-32975 - Exploitation of Quest KACE Systems Alert

AWArctic Wolf Blog
CVE-2025-32975Quest KACEArctic Wolfauthentication bypassmalicious activity
🎯

Basically, a security flaw lets hackers take control of certain computer systems without permission.

Quick Summary

Malicious activity linked to CVE-2025-32975 has been observed on unpatched Quest KACE Systems Management Appliances. This vulnerability allows unauthorized access, risking administrative control. Organizations must patch their systems to mitigate these risks.

The Flaw

CVE-2025-32975 is a critical vulnerability found in the Quest KACE Systems Management Appliance (SMA). This flaw allows threat actors to bypass authentication, enabling them to impersonate legitimate users. The vulnerability resides in the Single Sign-On (SSO) authentication process, which can lead to complete administrative takeover of the appliance. Notably, this vulnerability was patched in May 2025, yet many instances remain unpatched and exposed to the internet.

Starting the week of March 9, 2026, Arctic Wolf detected malicious activities in customer environments that appear to be linked to the exploitation of this vulnerability. The attackers leveraged the flaw to gain unauthorized access, indicating that organizations must act swiftly to mitigate risks.

What's at Risk

The Quest KACE SMA is designed for centralized endpoint management, which includes inventory management, software deployment, and endpoint monitoring. If compromised, attackers can gain administrative control over the entire system, potentially leading to widespread data breaches and operational disruptions.

The observed exploitation involved various techniques, including executing remote commands and creating unauthorized administrative accounts. These actions could allow attackers to manipulate system settings, harvest credentials, and even move laterally within the network to access other critical systems.

Patch Status

As of now, Arctic Wolf emphasizes the importance of upgrading to the latest fixed version of Quest KACE SMA. The following versions are recommended:

  • Version 13.0.385 or later
  • Version 13.1.81 or later
  • Version 13.2.183 or later
  • Version 14.0.341 (Patch 5) or later
  • Version 14.1.101 (Patch 4) or later

Organizations should follow their internal patching and testing guidelines to minimize operational impacts while ensuring that their systems are secured against this vulnerability.

Immediate Actions

To protect against CVE-2025-32975, Arctic Wolf recommends the following immediate actions:

  • Upgrade to the latest fixed version of Quest KACE SMA to close the vulnerability.
  • Remove any publicly exposed instances of KACE SMA from the internet. If remote access is necessary, it should be secured through a VPN or firewall.
  • Implement best practices by keeping management appliances non-internet-facing unless absolutely required. This reduces the attack surface and enhances overall security posture.

By taking these steps, organizations can significantly reduce their risk of exploitation and protect sensitive data from unauthorized access.

🔒 Pro insight: The exploitation of CVE-2025-32975 underscores the critical need for timely patch management in enterprise environments.

Original article from

Arctic Wolf Blog · Andres Ramos

Read Full Article

Share

Related Pings

HIGHVulnerabilities

ScreenConnect Vulnerability - ConnectWise Issues Critical Alert

ConnectWise has warned of a critical vulnerability in ScreenConnect. This flaw could allow unauthorized access to remote systems. Users must upgrade immediately to protect their networks.

SC Media·
HIGHVulnerabilities

Vulnerabilities in IP KVM Devices - Significant Network Risks

Recent findings reveal critical vulnerabilities in IP KVM devices, exposing networks to severe risks. Attackers can gain root access and execute malicious code, threatening security. Immediate action is essential to mitigate these vulnerabilities.

SC Media·
CRITICALVulnerabilities

Ubiquiti UniFi Vulnerability - Critical Account Hijacking Risk

Ubiquiti has patched critical vulnerabilities in its UniFi Network app, allowing potential account hijacking. Users must update to secure their systems. This flaw poses serious risks to network security.

Security Affairs·
HIGHVulnerabilities

CVE-2025-32975 - Exploitation of Quest KACE Systems

Arctic Wolf has detected exploitation of a critical vulnerability in Quest KACE Systems Management Appliances. Unpatched systems are at risk of unauthorized access and administrative takeover. Organizations must act quickly to patch their systems and secure their environments.

Arctic Wolf Blog·
HIGHVulnerabilities

PolyShell Vulnerability - Unauthenticated RCE in Magento Stores

A new vulnerability called 'PolyShell' threatens Magento e-stores by allowing unauthorized remote code execution. This flaw affects all versions of Magento Open Source and Adobe Commerce. Immediate action is required to secure these platforms from potential attacks.

BleepingComputer·
HIGHVulnerabilities

Spring Security Vulnerabilities - Critical Updates Released

Spring has issued critical updates for vulnerabilities in Spring Boot and Spring Security. Users must act quickly to apply these updates to prevent unauthorized access. Protect your applications by reviewing the advisories and updating your systems.

Canadian Cyber Centre Alerts·