Severity by source
NVD: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (primary rating; NVD is the only source for this CVE)
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
Description (CVE.org)
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
Analysis (AI)
Authentication bypass in Quest KACE Systems Management Appliance allows remote unauthenticated attackers to impersonate any user and achieve complete administrative takeover via flaws in the SSO mechanism. Confirmed actively exploited (CISA KEV), with publicly available exploit code. Affects versions 13.0.x through 14.1.x across five major release branches. CVSS 10.0 (critical) with changed scope indicates full system compromise. The EPSS score of 0.16% appears artificially low given confirmed active exploitation, suggesting targeted attacks rather than widespread scanning.
Technical Context (AI)
Quest KACE SMA is an enterprise systems management appliance providing patch management, asset inventory, and service desk capabilities. The vulnerability (CWE-287: Improper Authentication) resides in the SSO (Single Sign-On) authentication handler, which apparently fails to properly validate authentication tokens or session credentials. This allows credential bypass during the authentication phase. The changed scope (S:C) in the CVSS vector indicates the vulnerability permits breaking out of the appliance's security boundary to impact other resources, consistent with administrative takeover scenarios where compromised management systems can pivot to managed endpoints. The authentication mechanism flaw likely involves token validation logic that accepts malformed, replayed, or attacker-crafted authentication assertions without proper cryptographic verification.
Remediation (AI)
Vendor-released patches: upgrade immediately to Quest KACE SMA 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), or 14.1.101 (Patch 4), depending on your major version branch. See https://support.quest.com/kb/4379499/ for patch downloads and installation instructions. Given confirmed active exploitation, this is an emergency out-of-cycle patch requiring immediate deployment.

If immediate patching is not feasible within 24-48 hours, implement network-level compensating controls: restrict SMA administrative interface access to specific trusted IP addresses via firewall rules (blocks the AV:N attack vector but breaks legitimate remote management); disable SSO authentication methods and require local authentication only (may break integrated workflows with directory services); or place the SMA behind a reverse proxy with pre-authentication requirements (adds latency and complexity). Each workaround degrades SMA functionality; emergency patching is the only complete fix.

Monitor authentication logs for anomalous login patterns, multiple administrative sessions from the same user, or logins from unexpected source IPs during the exposure window.
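To decide which appliances in an inventory still need the emergency patch, the affected-version ranges from the description can be turned into a small triage check. The following is an added example, not code from vuln.today, Quest or the advisory; the fixed build numbers are taken from the description above, the appliance names are constructed, and any branch the advisory does not list is reported as unknown rather than as patched.

```python
# Added example (not vuln.today's or Quest's code): triage helper that flags
# KACE SMA builds inside the affected ranges given in the description above.
from typing import Dict, Optional, Tuple

# First fixed build per affected branch, copied from the advisory text.
FIXED_BUILDS = {
    (13, 0): (13, 0, 385),
    (13, 1): (13, 1, 81),
    (13, 2): (13, 2, 183),
    (14, 0): (14, 0, 341),  # 14.0 Patch 5
    (14, 1): (14, 1, 101),  # 14.1 Patch 4
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Parse '14.0.341' or '14.0.341 (Patch 5)' into a tuple of ints.

    Only the first whitespace-separated token counts, so a trailing patch
    label is ignored; the first non-numeric component ends the parse.
    """
    tokens = text.split()
    parts = []
    for piece in (tokens[0].split(".") if tokens else []):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    if len(parts) < 2:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def is_affected(version: str) -> Optional[bool]:
    """True if the build predates its branch's fix, False if patched, and
    None when the branch is not one the advisory lists (no claim made)."""
    v = parse_version(version)
    fixed = FIXED_BUILDS.get((v[0], v[1]))
    if fixed is None:
        return None
    # Pad a bare '13.0' to (13, 0, 0) so it compares as the oldest build.
    padded = v + (0,) * max(0, 3 - len(v))
    return padded[:3] < fixed


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map appliance name -> 'affected' | 'patched' | 'unlisted branch'."""
    labels = {True: "affected", False: "patched", None: "unlisted branch"}
    return {host: labels[is_affected(ver)] for host, ver in inventory.items()}
```

Feed `triage()` a mapping of appliance name to the version string reported by each SMA; anything labelled "unlisted branch" needs a manual check against the vendor KB rather than being treated as safe.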
EUVD-2025-19028