CVE-2025-32975 Exploited - Critical Flaw in Quest KACE SMA
Basically, hackers are using a serious flaw to take control of certain computer systems without permission.
Hackers are exploiting a critical flaw in Quest KACE SMA systems. This vulnerability allows unauthorized access to administrative accounts. Organizations must apply patches to avoid severe risks.
The Flaw
CVE-2025-32975 has been identified as a maximum-severity vulnerability with a CVSS score of 10.0. This security flaw affects the Quest KACE Systems Management Appliance (SMA) and allows attackers to bypass authentication. By exploiting this vulnerability, malicious actors can impersonate legitimate users, gaining unauthorized access to administrative accounts. This poses a significant risk, as it could lead to a complete takeover of affected systems.
Exploitation in the wild was first observed during the week of March 9, 2026. Cybersecurity firm Arctic Wolf reported the malicious activity, indicating that unpatched SMA systems exposed to the internet are particularly vulnerable. Quest patched the issue in May 2025, but many systems remain unpatched, leaving them open to exploitation.
What's at Risk
Organizations using Quest KACE SMA systems are at substantial risk if they have not applied the necessary patches. The flaw allows attackers to execute remote commands and potentially take control of sensitive administrative accounts. This could lead to data breaches, unauthorized access to critical systems, and further exploitation of network resources.
Additionally, the attackers have been observed using various techniques to maintain persistence within the compromised systems. These include creating new administrative accounts and modifying the Windows Registry, which can make it difficult to detect and remove the malicious presence.
Patch Status
Quest has released patches for this vulnerability in several versions of the KACE SMA, including 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), and 14.1.101 (Patch 4). It is crucial for organizations to ensure that they are running these updated versions to mitigate the risk posed by CVE-2025-32975.
Administrators are urged to check their systems for the latest updates and apply them immediately. Ignoring these updates could lead to severe consequences, including loss of data and control over critical IT infrastructure.
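The version list above can be turned into an inventory check. The following is an added example, not code from Quest or from the original article; the host names and inventory rows are constructed, and it assumes that later builds in a listed branch keep the fix and that "(Patch N)" means a patch level applied on top of the named build.

```python
import re

# Fixed builds per release branch, from the Patch Status paragraph above.
# Value: (fixed build, patch level that must also be present, or None).
FIXED = {
    (13, 0): (385, None),
    (13, 1): (81, None),
    (13, 2): (183, None),
    (14, 0): (341, 5),
    (14, 1): (101, 4),
}

INVENTORY = [  # constructed sample: (hostname, version, patch level or None)
    ("sma-hq", "13.2.183", None),
    ("sma-lab", "14.0.341", 3),
    ("sma-dr", "14.1.101", None),
    ("sma-old", "12.1.169", None),
    ("sma-br", "13.1.79", None),
]

def assess(version, patch=None):
    """Return 'vulnerable', 'verify-patch', 'unlisted' or 'patched'."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, build = map(int, m.groups())
    if (major, minor) not in FIXED:
        return "unlisted"  # branch not in the list above; check the vendor advisory
    fixed_build, need_patch = FIXED[(major, minor)]
    if build < fixed_build:
        return "vulnerable"
    if build == fixed_build and need_patch is not None:
        if patch is None:
            return "verify-patch"  # build number alone cannot confirm the patch
        return "patched" if patch >= need_patch else "vulnerable"
    return "patched"  # assumption: later builds in the branch keep the fix

def triage(inventory):
    """Sort appliances so the ones needing action come first."""
    order = {"vulnerable": 0, "verify-patch": 1, "unlisted": 2, "patched": 3}
    rows = [(host, ver, assess(ver, patch)) for host, ver, patch in inventory]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))

if __name__ == "__main__":
    for host, ver, status in triage(INVENTORY):
        print(f"{status:13} {host:8} {ver}")
```

An appliance reported as `verify-patch` or `unlisted` should be treated as exposed until its patch level or branch status is confirmed against the vendor advisory.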
Immediate Actions
To protect against the exploitation of CVE-2025-32975, organizations should take immediate steps:
- Apply the latest patches for Quest KACE SMA systems.
- Avoid exposing SMA instances to the internet whenever possible.
- Monitor network traffic for unusual activity that may indicate exploitation attempts.
- Implement additional security measures, such as multi-factor authentication, to further protect administrative accounts.
By taking these proactive measures, organizations can significantly reduce their risk of falling victim to attacks exploiting this critical vulnerability.
The Hacker News