Cybercriminals Exploit Quest KACE SMA Authentication Bypass to Steal Corporate Credentials
In the first week of March 2026, a wave of targeted attacks began against organizations running the Quest KACE Systems Management Appliance (SMA). Security researchers discovered that threat actors were actively exploiting a critical authentication bypass flaw—CVE‑2025‑32975—to gain unauthorized access, harvest user credentials, and move laterally into sensitive parts of corporate networks, including critical infrastructure systems.
What Is the Quest KACE Systems Management Appliance?
The Quest KACE SMA is a widely deployed, web‑based platform that helps IT teams automate software distribution, patch management, asset discovery, and inventory tracking. By consolidating these functions into a single appliance, many enterprises can reduce the complexity of their IT operations and improve security posture through timely patching and configuration compliance.
Because the SMA runs on a Linux‑based operating system and exposes a RESTful API, it is often the first point of contact for administrators who need to push updates or collect device data. However, this visibility also makes it an attractive target for attackers who can use it as a foothold to reach deeper into an organization’s network.
How CVE‑2025‑32975 Works
The vulnerability is an authentication bypass that occurs when the SMA’s web interface fails to properly validate session tokens for privileged API calls. Attackers can craft a malicious request that tricks the appliance into treating an unauthenticated session as an authenticated one, thereby granting them full administrative rights.
Once an attacker has administrative access, they can:
- Retrieve stored credentials for users and service accounts.
- Deploy malware or credential‑stealing tools across the network.
- Modify firewall rules or routing tables to open backdoors.
- Pivot into other critical systems such as SCADA, database servers, or cloud environments.
Because the flaw is not limited to a single API endpoint, it can be exploited remotely over the internet, provided the SMA is exposed to the public network or accessible through a VPN that is not properly segmented.
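As an added illustration (not code from the original article or from Quest), here is a defender-side log check for the pattern the bypass described above would leave: privileged API calls that succeeded without a known session token. The log format, endpoint paths, session IDs and addresses are constructed assumptions for this example, not the real SMA format.

```python
import re
from dataclasses import dataclass

# Constructed sample of appliance web-access log lines. The format, the
# endpoint paths and the session IDs are assumptions for this example.
SAMPLE_LOG = """\
10.0.5.21 2026-03-06T09:14:02Z POST /api/v1/users/export sid=a1f9c3 200
203.0.113.77 2026-03-06T09:15:40Z POST /api/v1/users/export sid= 200
203.0.113.77 2026-03-06T09:15:41Z GET /api/v1/config/firewall sid=zzzz 200
10.0.5.21 2026-03-06T09:16:10Z GET /api/v1/inventory/devices sid=a1f9c3 200
198.51.100.9 2026-03-06T09:18:03Z POST /api/v1/scripts/deploy sid=deadbeef 401
"""

# Endpoint prefixes treated as privileged (assumed for the example).
PRIVILEGED_PREFIXES = ("/api/v1/users", "/api/v1/config", "/api/v1/scripts")

# Session tokens the appliance's session store knows about (assumed).
KNOWN_SESSIONS = {"a1f9c3"}

# ip timestamp method path sid=<token> status
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) sid=(\S*) (\d{3})$")


@dataclass
class Finding:
    src_ip: str
    timestamp: str
    path: str
    reason: str


def detect_bypass_candidates(log_text, known_sessions=KNOWN_SESSIONS,
                             privileged=PRIVILEGED_PREFIXES):
    """Flag privileged API calls that returned 2xx without a valid session."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        ip, ts, _method, path, sid, status = m.groups()
        if not path.startswith(privileged) or not status.startswith("2"):
            continue  # only successful calls to privileged endpoints matter here
        if sid == "":
            findings.append(Finding(ip, ts, path, "missing session token"))
        elif sid not in known_sessions:
            findings.append(Finding(ip, ts, path, "unknown session token"))
    return findings
```

Run against a real access log, the known-session set would come from the appliance's session store at the time of each request, and every finding from an external address deserves the same triage as a confirmed administrative login.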
Impact and Current Threat Landscape
Security researchers have confirmed that at least 37 organizations worldwide have been compromised during the March 9‑week attack window. In many cases, attackers were able to exfiltrate thousands of usernames and passwords, some of which were reused across multiple services, amplifying the damage.
Early indicators show that threat actors are not only harvesting credentials but also installing persistence mechanisms such as scheduled tasks and backdoor services. This allows them to maintain long‑term access even after the initial vulnerability is patched.
Moreover, the attackers have demonstrated the ability to move laterally into critical infrastructure components—particularly industrial control systems that rely on legacy protocols. This raises the risk of sabotage or ransomware attacks that could disrupt essential services.
Mitigation Steps and Patch Management
Organizations that run the Quest KACE SMA should act immediately to secure their environments. The following steps outline a comprehensive response strategy:
- Confirm Vulnerability Status: Run a quick scan of your SMA instance to verify whether CVE‑2025‑32975 is present. Quest publishes a vulnerability assessment tool that can be used for this purpose.
- Apply the Latest Patch: Quest released an official patch (Version 7.2.3) on March 5, 2026. Download and install the update following the vendor’s instructions. If you cannot patch immediately, apply the temporary mitigation by disabling the affected