Back

Critical Exploitation of Quest KACE SMA Vulnerability Underway

Severity: High (Score: 78.2)

Sources: Gbhackers, Heise.De

Summary

Active exploitation of a critical vulnerability (CVE-2025-32975) in the Quest KACE Systems Management Appliance (SMA) is occurring, with attackers targeting unpatched instances to bypass authentication and gain administrative access. The vulnerability, which has a CVSS score of 10, allows attackers to infiltrate corporate networks and harvest sensitive credentials. Security updates addressing this issue were made available in June 2025, but many administrators have yet to apply them. The attacks reportedly began around March 9, 2026, and while the full scope of the impact is still unclear, the potential for significant damage to corporate networks exists. Additional vulnerabilities (CVE-2025-32976, CVE-2025-32977, CVE-2025-32978) were also patched, though they are not currently being exploited. Administrators are advised to secure their systems and limit public access to the SMA. The situation remains critical as the threat actors continue their operations. Key Points: • CVE-2025-32975 is a critical vulnerability with a CVSS score of 10. • Active exploitation began on March 9, 2026, targeting unpatched SMA instances. • Administrators are urged to apply patches and secure public access to their systems.

Key Entities

  • Data Breach (attack_type)
  • CVE-2025-32975 (cve)
  • CVE-2025-32976 (cve)
  • CVE-2025-32977 (cve)
  • CVE-2025-32978 (cve)
  • T1078 - Valid Accounts (mitre_attack)
  • T1190 - Exploit Public-Facing Application (mitre_attack)
  • Quest KACE Systems Management Appliance (platform)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed