Quest Patches Critical KACE SMA Flaws, Including CVSS 10 Authentication Bypass

Quest Software has released urgent security hotfixes addressing four newly discovered vulnerabilities in its KACE Systems Management Appliance (SMA) product line, one of which has been rated with the maximum CVSS score of 10.0, signaling a critical threat to enterprise infrastructure.

The vulnerabilities, discovered during a third-party security review by Seralys, affect KACE SMA versions up to 14.1 and include issues that could allow attackers to completely bypass authentication, upload malicious files, and disrupt administrative licensing.

The Four CVEs and Their Impacts

• CVE-2025-32975 – Authentication Bypass via SSO (CVSS 10.0)

The most severe of the flaws resides in the Single Sign-On (SSO) authentication mechanism. The vulnerability allows attackers to impersonate any valid user without needing valid credentials, granting full administrative control over the system.

“Complete authentication bypass for any valid username. Full administrative access to the appliance. No authentication credentials required,” the report warns.

• CVE-2025-32976 – Two-Factor Authentication Bypass (CVSS 8.8)

This vulnerability undermines the Time-based One-Time Password (TOTP) 2FA mechanism, enabling authenticated users to bypass two-factor authentication due to flaws in the validation process.

“The vulnerability exists in the 2FA validation process and can be exploited to gain elevated access,” Seralys stated.

• CVE-2025-32977 – Unauthenticated Backup File Upload (CVSS 9.6)

This flaw allows unauthenticated attackers to upload backup files to the system. Although a signature validation mechanism exists, it is not robust enough to prevent the upload of maliciously crafted content.

“Weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity.”

• CVE-2025-32978 – License Replacement Exploit (CVSS 7.5)

Attackers can exploit a public-facing license renewal interface to replace legitimate licenses with expired or trial versions. This can result in denial-of-service (DoS) scenarios that hinder administrative operations.

“Unauthenticated license replacement capability. Denial of service through license corruption,” the report reads.

Affected Versions and Mitigation

Quest has addressed all four vulnerabilities in a series of hotfixes and patches available for the following KACE SMA versions:

• 13.0.385
• 13.1.81
• 13.2.183
• 14.0.341 (Patch 5)
• 14.1.101 (Patch 4)

Users are urged to apply the provided updates immediately to prevent potential exploitation.

Related Posts:

• Quest DR Series Disk Backup Appliance and KACE System Management Appliance Exposed over 60 Vulnerabilities
• Xbox x Meta Quest 3S Confirmed: Co-Branded VR Headset Launching Today
• Multiple Vulnerabilities in SonicWall SMA 100 Could Lead to Remote Code Execution
• Multi Vulnerabilities Found in SonicWall SMA 100 Series Prompt Urgent Security Update
• SonicWall Confirms Active Exploitation of SMA 100 Vulnerabilities – Urges Immediate Patching