A critical vulnerability, CVE-2025-32975, with a CVSS score of 10.0 (the maximum severity rating), is being exploited by hackers to compromise unpatched Quest KACE Systems Management Appliance (SMA) systems. The flaw allows threat actors to hijack these systems, and malicious activity has been observed in customer environments since the week of March 9, 2026. The exploitation targets SMA systems that are exposed to the internet and have not been patched, which makes immediate remediation necessary. Organizations using Quest KACE SMA systems should prioritize patching and monitor their systems for signs of exploitation [1]. The disclosure expands the active attack surface, so practitioners should assess their exposure and take proactive measures to prevent potential breaches.
Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
⚡ High Priority
Why This Matters
The CVE-2025-32975 disclosure expands the active attack surface; prioritize based on your exposure and exploitation evidence.
References
- The Hacker News. (2026, March 23). Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems. *The Hacker News*. https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html