socradar.io 3/23/2026, 2:39:50 PM

CVE-2025-32975: Quest KACE SMA SSO Authentication Bypass Enables Admin Takeover

CyberSIXT Evidence Panel

CISA KEV: Not in KEV
Patch status: Unknown

CVE-2025-32975 affects Quest KACE SMA and allows an authentication bypass in the appliance’s SSO handling, potentially enabling an unauthenticated attacker to impersonate legitimate users and pursue administrative takeover. The vulnerability is pre-auth and network-reachable, and exploitation is linked to high-value administrative functions in KACE SMA.

Affected versions include 13.0.x prior to 13.0.385, 13.1.x prior to 13.1.81, 13.2.x prior to 13.2.183, 14.0.x prior to 14.0.341 (Patch 5), and 14.1.x prior to 14.1.101 (Patch 4). According to Quest, remediation centres on applying the relevant hotfix or patch to reach the fixed build for the installed branch, after which an upgrade to a supported release should be planned.
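The version ranges above are per branch, so an inventory check has to compare the build number numerically within the matching major.minor branch; a plain string comparison gets it wrong (as a string, "13.0.4" sorts after "13.0.385" even though build 4 is far below the fixed build 385). The following is an added example written for this page, not Quest's or SOCRadar's tooling; it assumes KACE SMA reports its version as major.minor.build, optionally followed by a "(Patch N)" label as the advisory prints it, and it returns None for any branch the advisory does not list rather than assuming that branch is safe.

```python
"""Triage a KACE SMA inventory against the CVE-2025-32975 fixed builds."""

# Fixed builds per branch, taken from the advisory text on this page.
# Anything below the fixed build in the same branch is affected.
FIXED_BUILDS = {
    (13, 0): (13, 0, 385),
    (13, 1): (13, 1, 81),
    (13, 2): (13, 2, 183),
    (14, 0): (14, 0, 341),   # 14.0.341 (Patch 5)
    (14, 1): (14, 1, 101),   # 14.1.101 (Patch 4)
}


def parse_version(text):
    """Turn '14.0.341 (Patch 5)' or '13.0.4' into an integer tuple.

    The '(Patch N)' suffix is a label, not part of the numeric build,
    so only the first whitespace-separated token is parsed.
    """
    core = text.strip().split()[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised KACE SMA version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(version_text):
    """True if the build is below the fixed build for its branch,
    False if at or above it, None if the branch is not listed
    (unknown is reported as unknown, never silently as 'safe')."""
    major, minor, build = parse_version(version_text)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return None
    # Tuple comparison is element-wise and numeric, so 13.0.4 < 13.0.385.
    return (major, minor, build) < fixed


def triage(inventory):
    """Map each (hostname, version) pair to its affected status."""
    return {host: is_affected(version) for host, version in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = [
        ("kace-lab-01", "13.0.4"),
        ("kace-lab-02", "13.0.385"),
        ("kace-lab-03", "14.0.341 (Patch 5)"),
        ("kace-lab-04", "14.1.100"),
        ("kace-lab-05", "14.2.7"),
    ]
    for host, status in triage(sample).items():
        label = {True: "AFFECTED", False: "fixed", None: "unlisted branch"}[status]
        print(f"{host:12s} {label}")
```

Feed it the version strings exported from each appliance's admin page; hosts reported as AFFECTED are the ones to patch first, and any reported as "unlisted branch" should be checked against the vendor advisory by hand rather than dropped from the list.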

In the wild, advisories in June 2025 reported no evidence of active exploitation or of an open-source PoC at that time. In March 2026, however, researchers noted malicious activity possibly linked to exploitation of internet-exposed, unpatched KACE SMA appliances, with initial access attributed to CVE-2025-32975.


Article by CyberSIXT
