Heise.De
Critical Exploitation of Quest KACE SMA Vulnerability Underway
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Active exploitation of a critical vulnerability (CVE-2025-32975) in the Quest KACE Systems Management Appliance (SMA) is occurring, with attackers targeting unpatched instances to bypass authentication and gain administrative access. The vulnerability, which has a CVSS score of 10, allows attackers to infiltrate corporate networks and harvest sensitive credentials. Security updates addressing this issue were made available in June 2025, but many administrators have yet to apply them. The attacks reportedly began around March 9, 2026, and while the full scope of the impact is still unclear, the potential for significant damage to corporate networks exists. Additional vulnerabilities (CVE-2025-32976, CVE-2025-32977, CVE-2025-32978) were also patched, though they are not currently being exploited. Administrators are advised to secure their systems and limit public access to the SMA. The situation remains critical as the threat actors continue their operations.
Key Points: • CVE-2025-32975 is a critical vulnerability with a CVSS score of 10. • Active exploitation began on March 9, 2026, targeting unpatched SMA instances. • Administrators are urged to apply patches and secure public access to their systems.