ZDI-CAN-27632 HIGH 8.8 Overdue Sep 24, 2025

Quest

Quest Software, a vendor specializing in identity and access management, backup, and disaster recovery solutions, has a high-severity vulnerability (CVSS 8.8) that an authenticated user can exploit remotely, without user interaction, to achieve complete compromise of confidentiality, integrity, and availability. The attack requires only low complexity and network access, making it relatively straightforward to exploit once an attacker has valid credentials. Security teams should monitor for patches expected by the January 2026 deadline and prioritize credential hygiene across Quest-managed infrastructure in the interim.

Advisory Details
Researcher Discovered by: 06fe5fd2bc53027c4a3b7e395af0b850e7b8a044
Reported September 24, 2025
Deadline January 22, 2026 84d overdue
CVSS Vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
