CVE-2025-32975 - Quest KACE Systems Management Appliance (SMA)
AI Vulnerability ContextQuest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete admin...
Overview
A source-backed snapshot of this vulnerability.
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2025-32975
- Vendor/project
- Quest
- Product
- KACE Systems Management Appliance (SMA)
- Vulnerability name
- Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
- Date added
- 2026-04-20
- Due date
- 2026-05-04
- Known ransomware campaign use
- Unknown
- CVSS v3
- 10.0
Exploit context
What the vulnerability is about.
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
