Kace Desktop Authority
CVE-2025-67813
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Lifecycle Timeline
2DescriptionCVE.org
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication
AnalysisAI
Kace Desktop Authority versions up to 11.3.1 is affected by incorrect default permissions (CVSS 5.3).
Technical ContextAI
This vulnerability (CWE-276: Incorrect Default Permissions) affects Kace Desktop Authority. Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication
RemediationAI
Monitor vendor advisories for a patch.
More in Kace Desktop Authority
View allAn issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerabil
An issue was discovered in Quest KACE Desktop Authority before 11.2. Rated critical severity (CVSS 9.8), this vulnerabil
Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.
XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by
Same weakness CWE-276 – Incorrect Default Permissions
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today