Critical CVE-2025-32975 Flaw in Quest KACE SMA Exploited, Affecting 60 Organizations

Critical CVE-2025-32975 Flaw in Quest KACE SMA Exploited, Affecting 60 Organizations

First seen 14 May 2026, 16:43 UTC Securityaffairs.CoScworld 78% similarity 75.0

Article Content

Browse articles
ThreatCluster

The CVE-2025-32975 vulnerability in Quest KACE SMA, an endpoint management platform, has been exploited after remaining unpatched for 10 months. This severe authentication bypass flaw, with a CVSS score of 10.0, allows attackers to impersonate users without credentials. The incident primarily affected HIQ, a managed services provider, leading to the exfiltration of a 512 MB database containing sensitive information from over 60 organizations, including law enforcement and healthcare. Attackers utilized a sophisticated toolkit for reverse shells, command and control, and credential spraying. The vulnerability was published on June 24, 2025, and was added to CISA's KEV list for active exploitation on April 20, 2026. Over 12,000 internet-facing KACE 1000 appliances are potentially vulnerable due to outdated versions. The incident emphasizes the risks of unpatched vendor software in supply chains.

Key Points: • CVE-2025-32975 is a critical authentication bypass flaw in Quest KACE SMA. • Attackers exploited the vulnerability to access sensitive data from over 60 organizations. • More than 12,000 KACE appliances are potentially vulnerable due to outdated software.

ThreatCluster AI

Timeline

2025-06-24
CVE-2025-32975 published
Quest KACE SMA vulnerability disclosed, allowing unauthenticated access.
Securityaffairs.Co
2026-04-20
CVE-2025-32975 added to CISA KEV
CISA included the vulnerability in its Known Exploited Vulnerabilities catalog due to active exploitation.
Scworld
Recent
Exploitation of the vulnerability confirmed
Attackers compromised HIQ, a managed services provider, affecting multiple organizations.
Scworld

Community

Browse all →