KACE Critical Vulnerability Exploited in Cyber Attacks: What You Need to Know

Critical Vulnerability in Quest KACE Systems Management Appliance

A critical vulnerability in Quest KACE Systems Management Appliance (SMA) may have been exploited in attacks, according to cybersecurity firm Arctic Wolf.

Vulnerability Details

The flaw, tracked as CVE-2025-32975, is an authentication bypass vulnerability that allows unauthenticated threat actors to impersonate legitimate users, potentially leading to full administrative control of the appliance.

Affected Systems

KACE SMA is an on-premises tool used for centralized endpoint management, including asset inventory, software distribution, patching, and monitoring. The vulnerability, which was patched by Quest in May 2025, affects unpatched KACE SMA instances exposed to the internet.

“We are unable to provide additional details regarding the attacker or their motivation,” Arctic Wolf Labs said. “Although some affected customers were in the education sector in different regions, we do not have sufficient data to determine whether this sector was specifically targeted.”

Exploitation and Impact

Arctic Wolf detected suspicious activity in client networks that appears to be tied to the exploitation of CVE-2025-32975. The attackers used the vulnerability to gain initial access to a system, after which they achieved administrative control.

The cybersecurity firm found no evidence that three related vulnerabilities (CVE-2025-32976, CVE-2025-32977, and CVE-2025-32978), also addressed in May 2025, were involved in the observed incidents.

Recommendations

Organizations still running outdated Quest KACE SMA versions are urged to apply the available patches immediately to prevent potential exploitation. The vulnerability can be exploited by unauthenticated attackers, making it a significant risk for organizations that have not applied the patch.

The incident highlights the importance of keeping software up to date and patching vulnerabilities in a timely manner. It also underscores the need for organizations to monitor their networks for suspicious activity and to have incident response plans in place in case of a security breach.


