Quest

Quest Software has a high-severity vulnerability (CVSS 8.8) that can be exploited remotely by authenticated users without requiring user interaction, potentially allowing attackers to compromise confidentiality, integrity, and availability of affected systems. The vulnerability was reported in September 2025 with a vendor deadline of January 2026, giving organizations roughly four months before a public disclosure. Security teams should monitor Quest's advisory channels and prioritize patching once available, particularly for systems where Quest software handles sensitive data or critical operations.