Scworld
Critical CVE-2025-32975 Flaw in Quest KACE SMA Exploited, Affecting 60 Organizations
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
The CVE-2025-32975 vulnerability in Quest KACE SMA, an endpoint management platform, has been exploited after remaining unpatched for 10 months. This severe authentication bypass flaw, with a CVSS score of 10.0, allows attackers to impersonate users without credentials. The incident primarily affected HIQ, a managed services provider, leading to the exfiltration of a 512 MB database containing sensitive information from over 60 organizations, including law enforcement and healthcare. Attackers utilized a sophisticated toolkit for reverse shells, command and control, and credential spraying. The vulnerability was published on June 24, 2025, and was added to CISA's KEV list for active exploitation on April 20, 2026. Over 12,000 internet-facing KACE 1000 appliances are potentially vulnerable due to outdated versions. The incident emphasizes the risks of unpatched vendor software in supply chains.
Key Points: • CVE-2025-32975 is a critical authentication bypass flaw in Quest KACE SMA. • Attackers exploited the vulnerability to access sensitive data from over 60 organizations. • More than 12,000 KACE appliances are potentially vulnerable due to outdated software.