Critical Quest KACE SMA Vulnerability Impacts Multiple Organizations Through Unpatched Systems

Friday, May 15, 2026

A critical vulnerability identified as CVE-2025-32975 has been discovered in Quest KACE Systems Management Appliance (KACE SMA), an endpoint management platform used for software deployment, patch distribution, and device administration within organizations. The vulnerability carries a maximum CVSS score of 10.0 and is classified as an Authentication Bypass flaw, allowing attackers to impersonate legitimate users or administrators without requiring valid credentials. If successfully exploited, the vulnerability could potentially compromise all endpoints managed by the affected system.

According to a report from Hunt.io, although Quest Software released security patches for the issue in May 2025, many systems remain unpatched. Attackers reportedly exploited the vulnerability to compromise a Managed Service Provider (MSP) based in Boston that provided IT services to more than 60 organizations, including government agencies, hospitals, educational institutions, and law enforcement entities. After gaining access, the attackers extracted a MariaDB database exceeding 512 MB in size, containing sensitive information such as customer records, user accounts, helpdesk data, and IT infrastructure details belonging to clients.

Researchers also discovered that the attackers exposed a 308 MB attack toolkit on an unprotected HTTP server. The toolkit reportedly contained a full range of offensive tools, including reverse shells, SMB credential sprayers, WMI reconnaissance utilities, and SOCKS5 tunneling tools designed to maintain persistent access within compromised networks. In addition, Hunt.io identified more than 12,000 publicly exposed KACE K1000 devices still running unpatched versions. Researchers warned that the incident highlights significant supply chain security risks, as organizations may still be affected indirectly through third-party service providers even if they do not use the software directly. System administrators are strongly advised to apply security patches immediately, review Indicators of Compromise (IoCs), and avoid exposing management systems directly to the public internet whenever possible.

Source: https://securityaffairs.com/192067/security/quest-kace-sma-flaw-cve-2025-32975-when-one-unpatched-tool-opens-the-door-to-60-organizations.html