🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2025-32975: Quest KACE Systems Management Appliance (SMA) Improper Authentication Vulnerability
Summary
Quest KACE Systems Management Appliance (SMA) has an improper authentication flaw: a weakness in how it verifies user identity lets attackers impersonate legitimate users without the correct password. This vulnerability is being actively exploited in the wild.
Solution / Mitigation
Apply mitigations per vendor instructions from https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 0.5%
Yes
🔥 Actively Exploited
April 19, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-32975
First tracked: April 20, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 95%