CVE-2025-32975: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.

⚠️ CISA KEV Remediation Due: 2026-05-04

9.5CVSS Score

CRITICALSeverity

YESCISA KEV

VulnerabilityImpact Type

📋 Vulnerability Details

CVE ID	CVE-2025-32975
Vendor	Quest
Affected Product	KACE Systems Management Appliance (SMA)
Vulnerability Type	Vulnerability
CVSS Score	9.5 (CRITICAL)
Actively Exploited	✅ Yes — CISA KEV Listed
Patch Status	See Vendor Advisory →
Reported By	CYBERDUDEBIVASH SENTINEL APEX Intelligence (via cisa_kev)

🔬 Technical Analysis

Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.

📚 Advisory References

https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975

⚡ DETECTION RULES AVAILABLE

Get CVE-2025-32975 Detection Pack

Sigma rules, YARA signatures, IOC table, and SIEM queries for Splunk, Elastic, Sentinel, and Chronicle — deployable in 5 minutes.

✓ Sigma Rules ✓ YARA Pack ✓ IOC Table ✓ SIEM Queries

🛡️ Get Detection Pack → 🔌 Access via API →

CVE-2025-32975: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

📋 Vulnerability Details

🔬 Technical Analysis

📚 Advisory References

Get CVE-2025-32975 Detection Pack

🔗 Related Intelligence