CVE-2025-32977 · CRITICAL 9.6 · EPSS p32.4%

Description

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity.

Scoring

CVSS 3.1: 9.6 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.41% probability of exploitation · percentile 32.4% · 2026-06-18T12:00:27Z
Published: 2025-06-24
Last modified: 2026-04-15

Underlying weaknesses · 1

CWE-347

References

  1. https://seclists.org/fulldisclosure/2025/Jun/24
  2. https://seralys.com/research/CVE-2025-32977.txt
  3. https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978
  4. http://seclists.org/fulldisclosure/2025/Jun/25

Type | Target | Confidence | Tier
Weakness | Improper Verification of Cryptographic Signature (cwe-347) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE: CVE-2025-32976
  2. CVE: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
  3. CVE: CVE-2025-26850
  4. CVE: CVE-2025-53118
  5. CVE: CVE-2025-51381
  6. CVE: CVE-2025-40599

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.