← Zuruck zu CVEs

CVE-2025-32975

CRITICAL

10.0

Beschreibung

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover.

CVE Details

CVSS v3.1 Bewertung10.0

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht6/24/2025

Zuletzt geandert11/3/2025

Quellenvd

Honeypot-Sichtungen0

Schwachen (CWE)

CWE-287

Referenzen

https://seclists.org/fulldisclosure/2025/Jun/22(cve@mitre.org)

https://seralys.com/research/CVE-2025-32975.txt(cve@mitre.org)

https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978(cve@mitre.org)

http://seclists.org/fulldisclosure/2025/Jun/25(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.