
[KEV] CVE-2025-32975 -- CVSS 0.0 Vulnerability Briefing

[KEV] CVE-2025-32975 | CVSS 0.0 (Low) | Exploit: Operational

What Is It

CVE-2025-32975 is an improper authentication vulnerability in Quest KACE Systems Management Appliance (SMA), an enterprise endpoint management platform, that allows unauthenticated attackers to impersonate legitimate users without valid credentials.

Technical Detail

The flaw resides in the authentication handling logic of the Quest KACE SMA, where the application fails to properly verify user identity before granting access. An attacker can exploit this weakness to bypass authentication controls and assume the identity of a legitimate user, potentially including administrative accounts. Successful exploitation could result in unauthorized access to managed endpoints, configuration data, and administrative functions across the entire device management infrastructure.

Exploitation Status

CISA has confirmed active exploitation in the wild, with this vulnerability added to the Known Exploited Vulnerabilities catalog on April 20, 2026. The exploit maturity is rated Operational, meaning functional exploit code capable of reliable exploitation exists and is being used in real-world attacks, not merely as a proof of concept.

Who Is Targeting This

No specific threat actor attribution has been confirmed at this time. Enterprise systems management appliances of this kind are, however, frequently prioritized by both financially motivated actors and espionage-oriented groups because of their privileged access to large numbers of managed endpoints.

What To Do

Organizations running Quest KACE SMA should apply the vendor-supplied patch immediately. Per CISA's binding operational directive, federal agencies are required to patch or apply mitigations by the deadline associated with the April 20, 2026 KEV listing. All organizations should treat this as a high-priority remediation regardless of CVSS score, as the low score does not reflect the confirmed in-the-wild exploitation. If patching cannot be completed immediately, restrict network access to the KACE SMA management interface to trusted administrative hosts only, and audit authentication logs for anomalous session activity or unexpected user impersonation events. Verify that no unauthorized administrative accounts or configuration changes have been introduced.
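The audit steps above (check that sessions follow a real credential check, look for one user active from several source addresses, and confirm that administrative actions only come from the trusted admin hosts the network restriction allows) can be scripted against exported authentication logs. The block below is an added example, not code from Quest, CISA or this briefing: the log line format is a constructed, hypothetical one, since the briefing does not show KACE SMA's actual log format, and the trusted admin network `10.0.5.0/24` is an assumed value. The parser would need adapting to whatever the appliance really emits; the three checks themselves carry over.

```python
"""Audit constructed authentication logs for signs of user impersonation.

Added example, not Quest or Lyceum code. The log format is hypothetical
(time user src_ip event session=ID [extra...]); adapt LINE_RE to the real
KACE SMA export before use. Three checks are implemented:
  1. a session that starts without a preceding successful credential check,
  2. one user seen from more than one source address,
  3. an administrative action from a host outside the trusted admin network.
"""
from collections import defaultdict
import ipaddress
import re

# Constructed sample lines in the hypothetical format described above.
# s2 starts with no AUTH_OK and acts from a public address; s3 is a real
# session that is later driven from a second, untrusted address.
SAMPLE_LOG = """\
2026-04-21T08:00:01Z alice 10.0.5.10 AUTH_OK session=s1
2026-04-21T08:00:02Z alice 10.0.5.10 SESSION_START session=s1
2026-04-21T08:05:00Z alice 10.0.5.10 ADMIN_ACTION session=s1 action=view_inventory
2026-04-21T08:10:00Z admin 203.0.113.7 SESSION_START session=s2
2026-04-21T08:10:05Z admin 203.0.113.7 ADMIN_ACTION session=s2 action=create_user
2026-04-21T08:11:00Z bob 10.0.5.11 AUTH_OK session=s3
2026-04-21T08:11:01Z bob 10.0.5.11 SESSION_START session=s3
2026-04-21T08:12:00Z bob 198.51.100.9 ADMIN_ACTION session=s3 action=push_script
"""

# Assumed trusted administrative network (the hosts the network restriction
# in the guidance above would still allow to reach the management interface).
TRUSTED_ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<user>\S+) (?P<src>\S+) (?P<event>\S+) session=(?P<sid>\S+)"
)


def parse(log_text):
    """Turn log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def audit(events, trusted_nets=TRUSTED_ADMIN_NETS):
    """Return (finding_type, user, detail) tuples for the three checks."""
    findings = []
    authed_sessions = set()
    ips_by_user = defaultdict(set)

    for e in events:
        ips_by_user[e["user"]].add(e["src"])

        if e["event"] == "AUTH_OK":
            authed_sessions.add(e["sid"])
        elif e["event"] == "SESSION_START" and e["sid"] not in authed_sessions:
            # Check 1: a session exists although no credential check succeeded for it.
            findings.append(("session_without_auth", e["user"], e["sid"]))

        if e["event"] == "ADMIN_ACTION":
            src = ipaddress.ip_address(e["src"])
            if not any(src in net for net in trusted_nets):
                # Check 3: admin activity from outside the trusted admin network.
                findings.append(("admin_from_untrusted_host", e["user"], e["src"]))

    # Check 2: the same account active from several source addresses.
    for user, ips in ips_by_user.items():
        if len(ips) > 1:
            findings.append(("multiple_source_ips", user, ",".join(sorted(ips))))

    return findings


if __name__ == "__main__":
    for kind, user, detail in audit(parse(SAMPLE_LOG)):
        print(f"{kind:26} user={user:6} {detail}")
```

Each finding is a lead for a manual review of that account and session, not a verdict on its own; the "session without auth" check in particular depends on the export containing both the credential-check and session-creation events, so confirm that before trusting an empty result.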
