Critical Vulnerability in Quest KACE SMA Systems Leaves Thousands at Risk
Security

Critical Vulnerability in Quest KACE SMA Systems Leaves Thousands at Risk

A critical security flaw (CVE-2025-32975) with a CVSS score of 10.0 has been exploited since March 2026, endangering unpatched Quest KACE SMA systems. Immediate action is essential to prevent administrative takeover.

Editorial
Editorial Staff
1 hour ago 1 min read
NeboAI I summarize the news with data, figures and context
IN 30 SECONDS

35 sec read time You saved ~1 min
IN 1 SENTENCE

SENTIMENT
Neutral

𒀭
NeboAI is working, please wait...
Preparing detailed analysis
Quick summary completed
Extracting data, figures and quotes...
Identifying key players and context
DETAILED ANALYSIS
SHARE
Was this helpful?

NeboAI produces automated editions of journalistic texts in the form of summaries and analyses. Its experimental results are based on artificial intelligence. As an AI edition, texts may occasionally contain errors, omissions, incorrect data relationships and other unforeseen inaccuracies. We recommend verifying the content.

© NeboAI 2025 About Nebo

A critical security vulnerability, identified as CVE-2025-32975, has a CVSS score of 10.0 and is currently being exploited by threat actors targeting the Quest KACE Systems Management Appliance (SMA). Malicious activities linked to this flaw were first observed by Arctic Wolf starting the week of March 9, 2026, indicating a significant risk for unpatched systems connected to the internet.

The vulnerability allows attackers to bypass authentication, potentially enabling them to impersonate legitimate users and take full control of administrative accounts. Following the exploitation of this flaw, attackers have been reported to create unauthorized administrative accounts and execute remote commands to transfer malicious payloads from an external source.

To mitigate the risk, administrators are urged to install the most recent updates and ensure that SMA systems are not publicly accessible. The security issue was addressed in several updates, including versions 13.0.385, 13.1.81, and 14.1.101, among others.

Tags: quest kace cvE-2025-32975 cybersecurity authentication bypass administrative accounts threat actors
Want to read the full article? Access the original article with all the details.
Read Original Article
TL;DR

This article is an original summary for informational purposes. Image credits and full coverage at the original source. · View Content Policy

Editorial
Editorial Staff

Our editorial team works around the clock to bring you the latest tech news, trends, and insights from the industry. We cover everything from artificial intelligence breakthroughs to startup funding rounds, gadget launches, and cybersecurity threats. Our mission is to keep you informed with accurate, timely, and relevant technology coverage.

5512 articles →

Related Articles

Booz Allen Hamilton Report Warns: AI Cuts Cyber Attack Response Time by Half

Malaysian iOS Users at Risk as DarkSword Spyware Exposes Cybersecurity Gaps

Colopl's New App Shields User Images from AI Exploitation: What You Need to Know

Iranian Hackers Resurface with New Tactics Targeting Israel, FBI Reports

Cybersecurity Gains: CrowdStrike Cuts Attack Response Time by 65% with AI Innovations

Crunchyroll faces major security fallout as hackers steal data from 7 million users

Upwind's 95% Accurate AI Prompt Threat Detection Redefines Cybersecurity Standards

US Ban on Foreign-Made Wi-Fi Routers Sparks Concerns for Home Network Security

Majority of Security Leaders Lack Readiness as AI Cyber Threats Surge, EY Finds
Press Enter to search or ESC to close