Patch now! Attacks on Quest KACE Systems Management Appliance
Attackers are logging into the Quest KACE Systems Management Appliance endpoint management system. A security patch has been available for a long time.
Attackers are currently exploiting a “critical” security vulnerability in the Quest KACE Systems Management Appliance (SMA) endpoint management system, compromising publicly accessible instances. Security updates have been available for download since May of last year. Apparently, not all SMA admins have installed them yet.
Broken Authentication
Security researchers from Arctic Wolf report the attacks in a post. According to a warning from software manufacturer Quest, the “critical” vulnerability (CVE-2025-32975), which has the highest possible CVSS score of 10 out of 10, affects SSO authentication.
Due to unspecified errors, attackers can bypass login and access systems as any legitimate user. They can then completely take over instances with administrative rights.
Protect Systems
How exactly the attacks proceed and what attackers do with compromised systems is currently unclear. The extent of the attacks is also unknown. Admins should ensure that one of the secured SMA versions listed below is installed. The patches also close further vulnerabilities (CVE-2025-32976, CVE-2025-32977, CVE-2025-32978), which, according to security researchers, are not relevant to the ongoing attacks.
- 13.0.385
- 13.1.81
- 13.2.183
- 14.0.341 (Patch 5)
- 14.1.101 (Patch 4)
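As an added example (not code from Quest, Arctic Wolf or heise), the following Python check compares SMA version strings from an inventory against the secured versions listed above. The host names and sample versions are constructed; treating a higher build in the same branch as fixed is an assumption, and branches missing from the list are reported as such rather than guessed.

```python
import re

# Secured builds per release branch, copied from the list above.
# Value: (build number, patch number the page attaches to that build, or None).
FIXED = {
    (13, 0): (385, None),
    (13, 1): (81, None),
    (13, 2): (183, None),
    (14, 0): (341, 5),
    (14, 1): (101, 4),
}

VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\.(\d+)\s*(?:\(\s*Patch\s+(\d+)\s*\))?\s*$", re.IGNORECASE
)

def assess(version):
    """Classify one SMA version string against the page's list."""
    m = VERSION_RE.match(version)
    if not m:
        return "unparseable"
    major, minor, build = int(m.group(1)), int(m.group(2)), int(m.group(3))
    patch = int(m.group(4)) if m.group(4) else None
    if (major, minor) not in FIXED:
        return "branch-not-listed"   # the page says nothing about this branch
    fixed_build, fixed_patch = FIXED[(major, minor)]
    if build < fixed_build:
        return "below-fixed"
    # Assumption: a higher build in the same branch carries the fix.
    if build > fixed_build or fixed_patch is None:
        return "at-or-above-fixed"
    # Same build as the list entry, which is only secured at a given patch level.
    if patch is None:
        return "patch-level-unknown"
    return "at-or-above-fixed" if patch >= fixed_patch else "below-fixed"

def needs_action(inventory):
    """Return {host: status} for every host not confirmed at a secured version."""
    results = {host: assess(ver) for host, ver in inventory.items()}
    return {h: s for h, s in results.items() if s != "at-or-above-fixed"}

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = {
    "sma-hq": "13.2.150",
    "sma-lab": "14.0.341",
    "sma-dr": "14.1.101 (Patch 4)",
    "sma-old": "12.1.169",
}

if __name__ == "__main__":
    for host, status in needs_action(SAMPLE).items():
        print(f"{host}: {status}")
```

A `patch-level-unknown` result means the build number matches a list entry that is only secured at a specific patch level, so the installed patch has to be confirmed on the appliance itself.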
In addition to installing the security updates, admins should not make the endpoint management system publicly accessible. If this is unavoidable, access must be secured via a VPN connection, for example. This applies generally, not only to SMA.
(des)