
"CVE-2025-32975, with a CVSS score of 10.0, is an authentication bypass vulnerability that enables attackers to impersonate legitimate users without valid credentials, leading to potential administrative account takeover."
"Threat actors have weaponized the vulnerability to gain control of administrative accounts, executing remote commands to drop Base64-encoded payloads from an external server using the curl command."
"Actions taken by the attackers include credential harvesting with Mimikatz, conducting reconnaissance by enumerating logged-in users, and obtaining RDP access to backup infrastructure and domain controllers."
"To counter the threat, administrators are advised to apply the latest updates and avoid exposing SMA instances to the internet, as the issue has been patched in several versions."
A maximum-severity security flaw in Quest KACE Systems Management Appliance (SMA) is being exploited by threat actors. Malicious activity began around March 9, 2026, targeting unpatched SMA systems exposed to the internet. The vulnerability, CVE-2025-32975, allows attackers to impersonate legitimate users and potentially take over administrative accounts. Exploitation includes creating additional accounts and executing remote commands. Administrators are urged to apply updates and limit internet exposure to mitigate risks.
Read at The Hacker News