ThreatLevel
Planned Fix

CVE-2025-32975

Authentication Bypass in Quest KACE SMA (pre-auth)

Authentication bypass vulnerability in Quest KACE SMA that allows an attacker to impersonate legitimate users without credentials. This pre-auth flaw can lead to a full administrative takeover of the appliance in affected versions before patches. It is addressed by upgrading to patched releases as described by Quest.

Last analyzed: Loading...
Type
Auth Bypass (Authentication Bypass)
Auth Required
No
PoC Available
No
Vendor
Quest Software
Product
KACE Systems Management Appliance (SMA)
Exposure
Local network
Default Config
Not exploitable
CVSS Score
10.0
Name
Authentication Bypass in Quest KACE SMA (pre-auth)
Summary
Authentication bypass vulnerability in Quest KACE SMA that allows an attacker to impersonate legitimate users without credentials. This pre-auth flaw can lead to a full administrative takeover of the appliance in affected versions before patches. It is addressed by upgrading to patched releases as described by Quest.
Vendor
Quest Software
Product Name
KACE Systems Management Appliance (SMA)
Product Description
An on-premises IT asset management and endpoint management appliance with features including inventory, software deployment, service desk, and security management, accessible via a web-based admin console.
Affected Versions
13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4)
Affected Component
SSO authentication handling mechanism used by KACE SMA.
Component URLs
Not available
Protocol
HTTPS
Ports
443
Internet-facing Likelihood
20%
Exposure Level
Local network
Enterprise Usage
70%
Affected Software URLs
Type
Auth Bypass (Authentication Bypass)
Impact
Full administrative takeover of the SMA; attacker can impersonate admins and gain full control over the appliance.
Exploitation Description
An unauthenticated attacker targets the SMA web UI by exploiting the flawed SSO authentication flow to impersonate an administrator, gaining privileged access via the login mechanism.
Detection Method
No
Detection Method Types
Not available
Detection Method URLs
Not available
PoC Available
No
PoC URLs
Not available
Default Config Exploitable
No
Exploitation Requirements
Unauthenticated remote access to the SMA web UI; SSO authentication flow enabled; network reachability to the appliance.
Requirements URLs
Requirements Probability
95%
Authentication Needed
No
CVE ID
CVE-2025-32975
Description
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
CVSS Score
10.0
Published
Loading...
Last Modified
Loading...
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector (AV)
AV:N
Attack Complexity (AC)
AC:L
Privileges Required (PR)
PR:N
User Interaction (UI)
UI:N
Scope (S)
S:C
Confidentiality (C)
C:H
Integrity (I)
I:H
Availability (A)
A:H
CWE
CWE-287: Improper Authentication
NVD URL
https://nvd.nist.gov/vuln/detail/CVE-2025-32975
CPE Configuration
Not available
Version From
Not available
Version UpTo
Not available
Remediation Type
updatepatch
Remediation Description
Upgrade to a patched version per Quest advisory 4379499: 13.0.x to 13.0.385 or newer; 13.1.x to 13.1.81 or newer; 13.2.x to 13.2.183 or newer; 14.0.341 (Patch 5) or 14.1.101 (Patch 4). After upgrading, verify access control and SSO configuration.
Remediation URLs
EPSS Score
12.00%
EPSS Percentile
31.50%
EPSS Last Updated
Not available
CISA KEV
No
CISA KEV Date Added
Not available
Active Exploitation
No evidence
Active Exploitation URLs
Not available
Threat Actors
Not available
Threat Actors URLs
Not available
IOCs
Not available
Detection Rules
Not available
Threat Hunting URLs
Not available
Articles Used
7
Sources