Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems
Summary
Hackers are actively exploiting a critical vulnerability, CVE-2025-32975, in Quest KACE Systems Management Appliance (SMA) instances that are unpatched and exposed to the internet. The flaw carries the maximum CVSS score of 10.0 and poses a significant risk of system hijacking.
IFF Assessment
FOE
The active exploitation of a critical vulnerability that allows for system hijacking represents a direct threat to organizations and their data.
Severity
10.0 (Critical)
Defender Context
Defenders need to patch Quest KACE SMA systems immediately, starting with those exposed to the internet, to mitigate the risk from this critical vulnerability. Monitoring for indicators of compromise related to this CVE and ensuring robust network segmentation are also crucial steps.