Description
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
Published: 2025-06-24
Score: 10 Critical
EPSS: 46.5% Moderate
KEV: Yes
Impact: Administrative takeover via authentication bypass
Action: Immediate Patch
AI Analysis

Impact

An authentication bypass flaw in the single sign‑on handling of Quest KACE Systems Management Appliance allows an attacker to impersonate legitimate users without supplying valid credentials. The victim system accepts the forged authentication and grants the attacker full administrative privileges, effectively handing over control of the appliance and any managed assets.

Affected Systems

Quest KACE SMA 13.0.x versions prior to 13.0.385, 13.1.x prior to 13.1.81, 13.2.x prior to 13.2.183, 14.0.x prior to 14.0.341 (before Patch 5), and 14.1.x prior to 14.1.101 (before Patch 4) are vulnerable.

Risk and Exploitability

The flaw carries a CVSS score of 10, an EPSS probability of 47%, and is listed in the CISA KEV catalog. Based on the description, it is inferred that the attack vector requires network access to the appliance’s SSO endpoint, making it a high‑impact remote vulnerability that can be leveraged without user interaction.

Generated by OpenCVE AI on April 28, 2026 at 22:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official patch or upgrade to the latest SMA version following Quest’s release notes.
  • After the update, review and reconfigure the SSO settings to enforce strict authentication policies, disabling any insecure fallbacks.
  • Implement network segmentation to restrict access to the management interface and enable multi‑factor authentication for all administrative accounts.

Generated by OpenCVE AI on April 28, 2026 at 22:44 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-19028 Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
History

Tue, 28 Apr 2026 23:00:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Quest KACE SMA Allows Administrative Takeover

Tue, 28 Apr 2026 01:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Quest KACE SMA SSO Allows Administrative Takeover

Wed, 22 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Title Authentication Bypass in Quest KACE SMA SSO Allows Administrative Takeover

Tue, 21 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:quest:kace_systems_management_appliance:*:*:*:*:*:*:*:*

Mon, 20 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-04-20T00:00:00+00:00', 'dueDate': '2026-05-04T00:00:00+00:00'}

Tue, 24 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 03 Nov 2025 20:30:00 +0000

Type Values Removed Values Added
References

Tue, 24 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-287
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 24 Jun 2025 14:45:00 +0000

Type Values Removed Values Added
Description Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.
References

Subscriptions

Quest Kace Systems Management Appliance
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-21T03:55:39.782Z

Reserved: 2025-04-15T00:00:00.000Z

Link: CVE-2025-32975

cve-icon Vulnrichment

Updated: 2025-11-03T19:53:50.296Z

cve-icon NVD

Status : Analyzed

Published: 2025-06-24T15:15:23.710

Modified: 2026-04-21T14:09:39.213

Link: CVE-2025-32975

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-28T22:45:25Z

Weaknesses