CVE-2025-32975

Warnung

Medienbericht

EPSS 2.42%
Veröffentlicht 24.06.2025 00:00:00
Zuletzt bearbeitet 21.04.2026 14:09:39
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 12

NVD 5 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Quest ≫ Kace Systems Management Appliance Version >= 13.0 < 13.0.385

Quest ≫ Kace Systems Management Appliance Version >= 13.1 < 13.1.81

Quest ≫ Kace Systems Management Appliance Version >= 13.2 < 13.2.183

Quest ≫ Kace Systems Management Appliance Version >= 14.0 < 14.0.341

Quest ≫ Kace Systems Management Appliance Version >= 14.1 < 14.1.101

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

20.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog

Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Schwachstelle

Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.

Beschreibung

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.42%	0.82

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

21.04.2026 10:01

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

21.04.2026 09:16

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

24.03.2026 09:23

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.

VulnDex Intel

Media Report

23.03.2026 08:07

https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978

Vendor Advisory

https://seclists.org/fulldisclosure/2025/Jun/22

Third Party Advisory

Mailing List

https://seralys.com/research/CVE-2025-32975.txt

Third Party Advisory

http://seclists.org/fulldisclosure/2025/Jun/25

Third Party Advisory

Mailing List

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32975

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2025-32975

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-32975

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-32975

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-32975

20.04.2026: CISA Known Exploited Vulnerabilities (KEV) Catalog