A critical authentication bypass vulnerability, identified as CVE-2025-32975, has been discovered in Quest KACE Systems Management Appliance (SMA), an on-premises platform crucial for endpoint management. This flaw permits unauthorized access to the KACE SMA system, which, if exploited, could compromise all managed systems across an organization. Because KACE SMA is central to software deployment, patching, and device control, its compromise grants an attacker extensive control over a network's entire IT infrastructure. Organizations using this platform face significant exposure: a single unpatched instance is a high-value target and a single point of failure capable of yielding widespread system access [1]. Security practitioners must prioritize addressing this vulnerability due to its potential to facilitate broad operational disruption and data exfiltration. Proactive mitigation, including timely patching and enhanced security measures, is essential to neutralize the substantial risk posed by this critical flaw.
Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations
⚡ High Priority
Why This Matters
CVE-2025-32975 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- SecurityAffairs. (2026, May 13). *Quest KACE SMA flaw CVE-2025-32975: when one unpatched tool opens the door to 60 organizations*. https://securityaffairs.com/192067/security/quest-kace-sma-flaw-cve-2025-32975-when-one-unpatched-tool-opens-the-door-to-60-organizations.html
Original Source
SecurityAffairs