Initiatieven voor
Als nationale autoriteit voor cyberveiligheid heeft het CCB verschillende initiatieven ontwikkeld voor specifieke doelgroepen die hier worden gepresenteerd.
Warning: CRITICAL Vulnerabilities found in Quest KACE Systems Management Appliance! Patch Immediately!
Image
Gepubliceerd : 25/06/2025
- Last update:
25/06/2025- Affected software:
→ Quest KACE SMA- Type:
→ Improper Authentication (CWE-287)
→ 2FA Authentication Bypass (CWE-288)
→ Improper Verification of Cryptographic Signature (CWE-347)
→ Missing Authentication for Critical Function (CWE-306)- CVE/CVSS
→ CVE-2025-32975: CVSS 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
→ CVE-2025-32976: CVSS 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
→ CVE-2025-32977: CVSS 9.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
→ CVE-2025-32978: CVSS 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Sources
Risks
Quest KACE Systems Management Appliance (SMA) is an IT systems management solution that helps organisations automate and streamline endpoint management tasks. IT departments use Quest KACE Systems Management Appliance (SMA) to manage and secure desktops, laptops, servers, and other network-connected devices.
Quest KACE Systems Management Appliance (SMA) addressed several vulnerabilities. These vulnerabilities were found during a third-party assessment of their software and are not known to be actively exploited. Successful exploitation could lead to a system takeover and compromise your enterprise.
Description
CVE-2025-32975
CVE-2025-32975 is an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability in the SSO authentication handling mechanism can lead to complete administrative takeover.
CVE-2025-32976
A logic flaw exists in the two-factor authentication implementation that allows authenticated users to bypass TOTP-based 2FA requirements. The vulnerability lies in the 2FA validation process and can be exploited to gain elevated access.
CVE-2025-32977
CVE-2025-32977 allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity.
CVE-2025-32978
CVE-2025-32978 allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing a denial of service.
d for the template engine. In the case of RS, exploitation does not require authentication.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Quest released a patch on KACE SMA versions 13.0.385, 13.1.81, 13.2.183, 14.0.341 (Patch 5), 14.1.101 (Patch 4).
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.
References
https://seclists.org/fulldisclosure/2025/Jun/22
https://seclists.org/fulldisclosure/2025/Jun/23
https://seclists.org/fulldisclosure/2025/Jun/24
https://seclists.org/fulldisclosure/2025/Jun/25