CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Description (NVD)
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity.
Analysis (AI)
CVE-2025-32977 is a critical unauthenticated backup file upload vulnerability in Quest KACE Systems Management Appliance (SMA). It allows attackers to bypass signature validation and upload malicious backup content, potentially achieving remote code execution with system-wide impact. The vulnerability affects SMA versions 13.0.x through 14.1.x. Exploitation requires no authentication (PR:N) but does require user interaction (UI:R), and the issue carries a CVSS 9.6 severity rating, indicating high exploitability.
Technical Context (AI)
The vulnerability resides in the backup restoration mechanism of Quest KACE SMA, which implements signature validation for uploaded backup files but contains cryptographic or logic weaknesses (CWE-347: Improper Verification of Cryptographic Signature) that allow attackers to circumvent these controls. Quest KACE SMA is a centralized systems management platform (CPE: cpe:2.3:a:quest:kace_systems_management_appliance) that handles sensitive backup files containing system configuration, credentials, and potentially executable content. The weakness allows unauthenticated users to upload specially crafted backup files that pass signature validation but contain malicious payloads, compromising the appliance's integrity and potentially enabling lateral movement across managed systems.
Remediation (AI)
- Immediate patching (vendor: Quest Software): Update to patched versions: SMA 13.0.385+, 13.1.81+, 13.2.183+, 14.0.341 Patch 5+, or 14.1.101 Patch 4+. Prioritize production systems managing critical infrastructure.
- Network segmentation: Restrict network access to KACE SMA backup upload endpoints to trusted administrative networks only. Implement firewall rules to prevent unauthenticated external access to the backup restoration interface.
- Access control hardening: Place an authentication gateway or reverse proxy that requires multi-factor authentication in front of the backup upload functionality, because the appliance itself accepts backup uploads without authentication.
- Monitoring and detection: Monitor KACE SMA logs for backup upload attempts from unexpected sources. Alert on signature validation failures or unusual backup restoration activities. Implement file integrity monitoring on backup storage.
- Vendor advisory reference: Consult Quest Software's security advisory (CVE-2025-32977 notice) for detailed patch release dates and upgrade procedures. Test patches in non-production environments first, given the criticality of backup functionality.
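To act on the patching item across several appliances, the following added example (not Quest or vuln.today code) triages an inventory against the fixed builds listed above. It assumes each appliance reports a three-part "major.minor.build" version string; the hostnames and sample versions are constructed.

```python
import re

# First fixed build per release branch, taken from the advisory text above.
FIXED_BUILDS = {
    (13, 0): 385,
    (13, 1): 81,
    (13, 2): 183,
    (14, 0): 341,  # shipped as Patch 5
    (14, 1): 101,  # shipped as Patch 4
}

# Assumption: versions are reported as "major.minor.build".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def triage(version):
    """Return 'vulnerable', 'patched', 'unlisted' or 'unparseable'."""
    m = VERSION_RE.match(version or "")
    if not m:
        return "unparseable"
    major, minor, build = (int(g) for g in m.groups())
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        # Branch not named in the advisory: do not guess, check with the vendor.
        return "unlisted"
    # Compare builds as integers: as strings, "9" would sort after "81".
    return "patched" if build >= fixed else "vulnerable"


def triage_inventory(inventory):
    """Map each (hostname, version) pair to a status, worst first."""
    order = {"vulnerable": 0, "unparseable": 1, "unlisted": 2, "patched": 3}
    rows = [(host, ver, triage(ver)) for host, ver in inventory]
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("kace-prod.example.internal", "14.1.101"),
    ("kace-dr.example.internal", "14.0.340"),
    ("kace-lab.example.internal", "13.2.27"),
    ("kace-old.example.internal", "12.1.169"),
    ("kace-new.example.internal", "14.0.341"),
    ("kace-misc.example.internal", "unknown"),
]

if __name__ == "__main__":
    for host, ver, status in triage_inventory(SAMPLE):
        print(f"{status:12} {host:30} {ver}")
```

Appliances reported as "unlisted" or "unparseable" are on a branch the advisory text does not name or returned no usable version, so they need a manual check rather than an assumed status.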
EUVD-2025-19026