CVE-2025-32975
Status: Awaiting Analysis (Queue)
BaseFortify

Publication date: 2025-06-24

Last updated on: 2026-04-21

Assigner: MITRE

Description
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
Meta Information
Published: 2025-06-24
Last Modified: 2026-04-21
Generated: 2026-05-07
AI Q&A: 2025-06-24
EPSS Evaluated: 2026-05-05
NVD
Affected Vendors & Products
Showing 5 associated CPEs (inc = inclusive bound, exc = exclusive bound)
Vendor: quest
Product: kace_systems_management_appliance
Version ranges:
  From 13.0 (inc) to 13.0.385 (exc)
  From 13.1 (inc) to 13.1.81 (exc)
  From 13.2 (inc) to 13.2.183 (exc)
  From 14.0 (inc) to 14.0.341 (exc)
  From 14.1 (inc) to 14.1.101 (exc)
Exploitability
CWE-287: When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-32975 is a critical authentication bypass vulnerability in Quest KACE Systems Management Appliance (SMA). It exists in the Single Sign-On (SSO) authentication handling mechanism, allowing attackers to impersonate any valid user without needing valid credentials. This flaw enables a complete administrative takeover of the appliance. [1, 2]

How can this vulnerability impact me?

This vulnerability can lead to a complete administrative takeover of the Quest KACE SMA appliance by attackers without requiring any authentication credentials. This means attackers can gain full control over the system, compromising confidentiality, integrity, and availability of the appliance and its managed resources. [1, 2]

What immediate steps should I take to mitigate this vulnerability?

Administrators should immediately update the Quest KACE Systems Management Appliance (SMA) to the fixed versions: 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), or 14.1.101 (Patch 4). Applying these patches will address the authentication bypass vulnerability and prevent attackers from impersonating legitimate users and gaining administrative access. [1, 2]

