Description
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
Published: 2025-06-24
Score: 10 Critical
EPSS: 39.3% Moderate
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

An authentication bypass flaw in the single sign‑on handling of Quest KACE Systems Management Appliance allows an attacker to impersonate legitimate users without supplying valid credentials. The vulnerability is rooted in the SSO authentication handling mechanism, granting the attacker full administrative privileges and effectively controlling the appliance and any managed assets.

Affected Systems

Quest KACE SMA 13.0.x versions earlier than 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (pre‑Patch 5), and 14.1.x before 14.1.101 (pre‑Patch 4) are susceptible.

Risk and Exploitability

The flaw carries a CVSS score of 10, an EPSS probability of 39 %, and is listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector requires network access to the appliance’s SSO endpoint, making it a high‑impact remote vulnerability that can be leveraged without user interaction.

Generated by OpenCVE AI on May 24, 2026 at 15:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch or upgrade to the latest SMA version as recommended by Quest.
  • After updating, review and reconfigure the SSO settings to enforce strict authentication policies, disabling any insecure fallback methods.
  • Implement network segmentation to restrict access to the management interface and enable multi‑factor authentication for all administrative accounts.

Generated by OpenCVE AI on May 24, 2026 at 15:06 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-19028 Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
History

Sun, 24 May 2026 15:15:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Quest KACE SMA Allows Administrative Takeover

Tue, 28 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Quest KACE SMA Allows Administrative Takeover

Tue, 28 Apr 2026 01:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Quest KACE SMA SSO Allows Administrative Takeover

Wed, 22 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Quest KACE SMA SSO Allows Administrative Takeover

Tue, 21 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:quest:kace_systems_management_appliance:*:*:*:*:*:*:*:*

Mon, 20 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-04-20T00:00:00+00:00', 'dueDate': '2026-05-04T00:00:00+00:00'}

Tue, 24 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 24 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Jun 2025 14:45:00 +0000

Type Values Removed Values Added
Description Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
References

Subscriptions

Quest Kace Systems Management Appliance
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-21T03:55:39.782Z

Reserved: 2025-04-15T00:00:00.000Z

Link: CVE-2025-32975

cve-icon Vulnrichment

Updated: 2025-11-03T19:53:50.296Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-24T15:15:23.710

Modified: 2026-04-21T14:09:39.213

Link: CVE-2025-32975

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-24T15:15:06Z

Weaknesses