"CVE-2025-32975, which Quest patched in May 2025, allows unauthenticated threat actors to impersonate legitimate users, potentially leading to full administrative takeover of the appliance."
"According to Arctic Wolf, attackers appear to have exploited CVE-2025-32975 to gain initial access to a system, after which they achieved administrative control."
"At this time, we are unable to provide additional details regarding the attacker or their motivation. Although some affected customers were in the education sector in different regions, we do not have sufficient data to determine whether this sector was specifically targeted."
"Given that the exploitation involved an internet-exposed appliance, it was likely opportunistic."
Arctic Wolf detected suspicious activity linked to CVE-2025-32975, a critical flaw in unpatched Quest KACE Systems Management Appliance instances. This vulnerability allows unauthenticated actors to impersonate users, risking full administrative control. The exploitation likely began in early March 2026, with no clear identification of the attackers or their motives. Affected organizations, particularly in the education sector, are urged to apply patches to prevent further intrusions. No signs of related vulnerabilities being exploited were found, indicating a focused attack on the specific flaw.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]