cve detail

CVE-2025-32975

naam

Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.

KEV

bekend misbruikt

EPSS

percentiel

vendor

Quest

product

KACE Systems Management Appliance (SMA)

toegevoegd aan KEV

20 apr 2026

due date

04 mei 2026

ransomware

Unknown

CWE

CWE-287

EPSS datum

aanbevolen actie

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

notities

https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32975