Ethical Hacking News
Quest KACE SMA, a popular endpoint management platform, has been left vulnerable due to an unpatched authentication bypass flaw (CVE-2025-32975). This critical vulnerability exposed 60 organizations across various sectors to exploitation. Organizations are advised to patch their systems promptly and conduct thorough risk assessments.
A critical vulnerability in Quest KACE SMA has left thousands of organizations vulnerable to exploitation. The CVE-2025-32975 flaw is an authentication bypass vulnerability with a CVSS score of 10.0, making it the maximum possible rating for severity. The vulnerability allows an unauthenticated attacker to impersonate legitimate users without supplying any credentials. A security researcher discovered the flaw and reported it to Quest, but it was left unpatched for ten months. Dozens of organizations were compromised during this time, with stolen data including user credentials, operational logs, and database dumps. The vulnerability highlights a critical supply chain risk faced by organizations that use KACE SMA. Regular vulnerability assessments and proactive patching are essential to prevent exploitation through third-party vendors or services.
A critical vulnerability in Quest KACE SMA, a popular endpoint management platform used by thousands of organizations, has left scores of businesses and institutions vulnerable to exploitation. The CVE-2025-32975 flaw, identified by security researchers at Hunt.io, is an authentication bypass vulnerability with a CVSS score of 10.0 - the maximum possible rating for severity.
Quest KACE SMA is an on-premises endpoint management platform designed for software deployment, patching, and device control. Its central role in managing endpoint devices makes it a high-value target for attackers seeking to compromise entire organizations. The vulnerability in question allows an unauthenticated, network-reachable attacker to impersonate legitimate users, including administrators, without supplying any credentials.
The story behind CVE-2025-32975 is one of patience and neglect. According to the researchers at Hunt.io, the flaw was left unpatched for ten months after its initial discovery by a security researcher. During this time, an attacker actively exploited instances that had never been updated, compromising dozens of organizations across various sectors.
The attackers' toolkit was sophisticated, featuring a range of tools designed to facilitate lateral movement and data exfiltration. The attack involved staging the entire toolkit on a server with no password protection on the directory - a mistake that ultimately led to its discovery by Hunt.io's scanning infrastructure three days into the operation. The stolen data included user credentials, operational logs, and even database dumps containing sensitive information about dozens of organizations.
The 512 MB database dump extracted from the KACE appliance contained the complete operational picture of HIQ, an MSP handling IT for dozens of organizations across the Boston area. This dump revealed HIQ's staff accounts, client lists, helpdesk tickets describing work done at police departments, schools, healthcare organizations, and local government agencies - all without any direct connection to the vulnerable software.
The data breach highlights a critical supply chain risk faced by organizations that use KACE SMA. Even if an organization applies patches and maintains its internal security posture, it is still susceptible to exploitation through third-party vendors or services. The incident underscores the importance of regular vulnerability assessments and proactive patching for all managed systems across organizations.
Hunt.io's report on CVE-2025-32975 also includes indicators of compromise (IoCs) that can help organizations identify potential vulnerabilities in their own environments. These IoCs should be used to inform security teams and prompt them to conduct thorough risk assessments, especially when it comes to managing endpoint devices.
In conclusion, the critical vulnerability in Quest KACE SMA serves as a stark reminder of the importance of proactive patching and regular vulnerability assessments. Organizations that fail to address such vulnerabilities risk exposing themselves to significant data breaches and reputational damage.
Related Information:
https://www.ethicalhackingnews.com/articles/Unpatched-Tool-Exposes-60-Organizations-to-Critical-Vulnerability-ehn.shtml
https://securityaffairs.com/192067/security/quest-kace-sma-flaw-cve-2025-32975-when-one-unpatched-tool-opens-the-door-to-60-organizations.html
Published: Wed May 13 09:21:00 2026 by llama3.2 3B Q4_K_M
