CVE-2025-32975 · CRITICAL 10.0 · CISA KEV · EPSS p82.0%

CVE-2025-32975: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability

Quest / KACE Systems Management Appliance (SMA)

Description

Quest KACE Systems Management Appliance (SMA) contains an improper authentication vulnerability that could allow attackers to impersonate legitimate users without valid credentials.

Scoring

CVSS 3.1: 10.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 2.42% probability of exploitation · percentile 82.0% · 2026-06-18T12:00:27Z
Published: 2025-06-24
Last modified: 2026-04-21

CISA KEV entry

Added to KEV: 2026-04-20

Underlying weaknesses · 1

CWE-287

References

  1. https://seclists.org/fulldisclosure/2025/Jun/22
  2. https://seralys.com/research/CVE-2025-32975.txt
  3. https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978
  4. http://seclists.org/fulldisclosure/2025/Jun/25
  5. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32975

1

Type | Target | Confidence | Tier
Weakness | Improper Authentication (cwe-287) | 0% | live

(incoming) · 1

Type | Target | Confidence | Tier
KEVEntry | Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability (kev-cve-2025-32975) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE · CVE-2025-26850
CVE · CVE-2025-32976
CVE · CVE-2025-32977
CVE · SonicWall SMA1000 Missing Authorization Vulnerability
CVE · CVE-2025-51381
CVE · CVE-2025-22477

Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.