CVE-2025-32975: Critical Authentication Bypass in Quest KACE SMA Allows Full System Takeover

A critical security vulnerability, identified as CVE-2025-32975, has been discovered in Quest KACE Systems Management Appliance (SMA). This flaw allows attackers to bypass authentication mechanisms, impersonate legitimate users, and potentially gain complete administrative control of the affected system. Organizations using KACE SMA are strongly advised to apply the available patches immediately.

Vulnerability Details

  • CVE ID: CVE-2025-32975
  • Description: Quest KACE Systems Management Appliance (SMA) versions before 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), and 14.1.101 (Patch 4) contain an authentication bypass vulnerability. Attackers can impersonate legitimate users without valid credentials due to a flaw in the SSO authentication handling mechanism. This can lead to complete administrative takeover.
  • CVSS Score: 10.0 (Critical)
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
  • CVSS Explanation:
    • AV:N (Network): The vulnerability is exploitable over the network.
    • AC:L (Low): No special conditions are required to exploit the vulnerability.
    • PR:N (None): No privileges are required to exploit the vulnerability.
    • UI:N (None): No user interaction is required to exploit the vulnerability.
    • S:C (Changed): A successful exploit can affect resources beyond the security scope of the vulnerable component.
    • C:H (High): There is a high impact to confidentiality.
    • I:H (High): There is a high impact to integrity.
    • A:H (High): There is a high impact to availability.
  • Exploit Requirements: Network access to the KACE SMA system.
  • Affected Vendor: Quest
  • Affected Product: KACE Systems Management Appliance (SMA)
  • Affected Versions: 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4)
  • CWE: CWE-287 - Improper Authentication
  • CWE Explanation: Improper Authentication occurs when the system does not adequately verify the identity of a user or process, allowing unauthorized access to resources.

Timeline of Events

  • 2025-06-24: CVE-2025-32975 is published.
  • [Date Unknown]: Vulnerability reported to Quest.
  • [Date Unknown]: Patches released by Quest.

Exploitability & Real-World Risk

The authentication bypass vulnerability in Quest KACE SMA poses a significant risk to organizations. An attacker can leverage this vulnerability to gain unauthorized access to the system, potentially leading to data breaches, system compromise, and disruption of services. Given the critical nature of the affected system management appliance, the impact of a successful exploit could be severe.

Recommendations

To mitigate the risk posed by CVE-2025-32975, organizations should take the following steps:

  • Apply Patches: Immediately apply the security patches provided by Quest to update KACE SMA to versions 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), or 14.1.101 (Patch 4) or later.
  • Review Access Controls: After patching, review user accounts and permissions to ensure that access is appropriately restricted.
  • Monitor for Suspicious Activity: Implement monitoring and alerting mechanisms to detect any unauthorized access attempts or suspicious activity on the KACE SMA system.
  • Implement Multi-Factor Authentication (MFA): Where possible, enforce MFA to provide an additional layer of security.
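
To support the patching step, the following Python check classifies reported KACE SMA versions against the fixed builds listed in this advisory. It is an added example, not Quest's code or part of the original advisory; the hostnames and inventory are constructed, and reporting unlisted branches as "review" is an assumption of the example.

```python
import re

# Fixed builds per branch, taken from the advisory text.
FIXED_BUILDS = {
    (13, 0): 385,
    (13, 1): 81,
    (13, 2): 183,
    (14, 0): 341,  # Patch 5
    (14, 1): 101,  # Patch 4
}

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def classify(version):
    """Return 'patched', 'vulnerable' or 'review' for a major.minor.build string."""
    m = VERSION_RE.match(version)
    if not m:
        return "review"  # unparseable input is never reported as patched
    major, minor, build = (int(part) for part in m.groups())
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        # Assumption: a branch the advisory does not list needs a manual
        # check against the vendor's guidance rather than a guess here.
        return "review"
    # Compare build numbers as integers: as strings, "9" would sort after "81".
    return "patched" if build >= fixed else "vulnerable"


def audit(inventory):
    """Map each host that is not confirmed patched to its status."""
    findings = {}
    for host, version in inventory.items():
        status = classify(version)
        if status != "patched":
            findings[host] = status
    return findings


if __name__ == "__main__":
    # Constructed inventory for illustration only.
    sample = {
        "sma-01.example.internal": "14.1.101",
        "sma-02.example.internal": "13.1.9",
        "sma-03.example.internal": "12.1.149",
    }
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {status}")
```
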

Technical Insight

The vulnerability lies in the Single Sign-On (SSO) authentication handling mechanism of KACE SMA. Specific details of the flaw have not been made public, to limit further exploitation before patching. However, it likely involves a failure to properly validate user credentials during the authentication process.

Credit to Researcher(s)

The vulnerability was discovered by Seralys researchers.

Tags

CVE-2025-32975, Quest, KACE SMA, Authentication Bypass, Remote Code Execution, SSO, Security Vulnerability

Summary: A critical authentication bypass vulnerability (CVE-2025-32975) exists in Quest KACE SMA, allowing attackers to impersonate users and gain administrative control. Patch immediately to prevent system compromise and data breaches.

CVE ID: CVE-2025-32975

Risk Analysis: Successful exploitation of this vulnerability can lead to complete administrative takeover of the KACE SMA system, allowing attackers to steal sensitive data, modify system configurations, and disrupt services.

Recommendation: Apply the security patches provided by Quest to update KACE SMA to the latest version. Review user accounts and permissions, implement MFA, and monitor for suspicious activity.
