Critical Exploitation of Quest KACE SMA Vulnerability Underway

Critical Exploitation of Quest KACE SMA Vulnerability Underway

First seen 24 Mar 2026, 10:45 UTC GbhackersHeise.De 84% similarity 78.2

Article Content

Browse articles
ThreatCluster

Active exploitation of a critical vulnerability (CVE-2025-32975) in the Quest KACE Systems Management Appliance (SMA) is occurring, with attackers targeting unpatched instances to bypass authentication and gain administrative access. The vulnerability, which has a CVSS score of 10, allows attackers to infiltrate corporate networks and harvest sensitive credentials. Security updates addressing this issue were made available in June 2025, but many administrators have yet to apply them. The attacks reportedly began around March 9, 2026, and while the full scope of the impact is still unclear, the potential for significant damage to corporate networks exists. Additional vulnerabilities (CVE-2025-32976, CVE-2025-32977, CVE-2025-32978) were also patched, though they are not currently being exploited. Administrators are advised to secure their systems and limit public access to the SMA. The situation remains critical as the threat actors continue their operations.

Key Points: • CVE-2025-32975 is a critical vulnerability with a CVSS score of 10. • Active exploitation began on March 9, 2026, targeting unpatched SMA instances. • Administrators are urged to apply patches and secure public access to their systems.

ThreatCluster AI

Timeline

2025-06-24
CVE-2025-32975, CVE-2025-32976, CVE-2025-32977, CVE-2025-32978 published
2026-03-09
Active exploitation of CVE-2025-32975 detected
2026-03-24
Heise.De article warns about ongoing attacks

Community

Browse all →