← ExploitWatch
HomeExploited Vulnerabilities

CVE-2025-32975 — Actively Exploited: KACE Systems Management Appliance (SMA) (Quest)

Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.

CVE IDCVE-2025-32975
VendorQuest
ProductKACE Systems Management Appliance (SMA)
Vulnerability nameQuest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
Date added2026-04-20
Remediation due2026-05-04
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
DescriptionQuest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →