Quest KACE SMA Flaw CVE-2025-32975 Exposes 60 Organizations
Quest KACE SMA Flaw CVE-2025-32975: A Critical Vulnerability 🚨
CVE-2025-32975 is a critical flaw in Quest KACE SMA, an on-premises endpoint management platform used for software deployment, patching, and device control. That role makes it a high-value target: if the flaw is exploited, the compromise can expose every managed endpoint across an organization.
What is CVE-2025-32975?
This vulnerability is an authentication bypass in KACE SMA’s SSO authentication handling mechanism, with a CVSS score of 10.0, the maximum possible. The report from Hunt.io states, “The flaw allows an unauthenticated, network-reachable attacker to impersonate legitimate users, including administrators, without supplying any credentials.”
The Impact of the Flaw
Quest published a fix in May 2025, but ten months later, attackers were actively exploiting instances that had never been updated. After compromising a managed services provider called HIQ, which handled IT for dozens of organizations across the Boston area, the attacker staged their entire toolkit on a server with no password protection. Hunt.io’s scanning infrastructure detected the exposed server three days into the operation, revealing a 308 MB toolkit of 219 files that covered the full intrusion lifecycle.
What Was Exposed?
The attacker pulled a 512 MB database dump from the KACE appliance. It contained sensitive information about HIQ’s IT business, including staff accounts, client lists, and helpdesk tickets from sectors such as law enforcement, healthcare, and education. The exfiltrated data revealed the appliance-managed endpoints for over 60 named client organizations, none of which had any direct interaction with KACE.
Conclusion
If your organization uses KACE SMA, it is crucial to apply the patch, which has been available since May 2025. Researchers have also published Indicators of Compromise (IoCs) to help organizations identify potential breaches.