CVE-2025-32976
published 2025-06-24


Priority: P2 · 60 · high
CVSS 3.1 base score: 8.8 (vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.79% (51.6th percentile)
Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains a logic flaw in its two-factor authentication implementation that allows authenticated users to bypass TOTP-based 2FA requirements. The vulnerability exists in the 2FA validation process and can be exploited to gain elevated access.

Detection & IOCs

  • The vulnerability is a logic flaw in the TOTP-based 2FA validation process of Quest KACE SMA; monitor for authenticated sessions that bypass 2FA enforcement, particularly where TOTP validation is skipped or returns success without a valid token
  • Monitor Quest KACE SMA for authenticated users gaining elevated access without completing the expected TOTP challenge/response flow, which may indicate exploitation of this 2FA bypass
  • CISA has added this to the KEV catalog as an actively exploited improper authentication vulnerability; prioritize detection of credential impersonation attempts against Quest KACE SMA instances
  • Affected versions are 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4); ensure detection rules scope to these versions
  • Vendor advisory covers multiple related CVEs (CVE-2025-32975, CVE-2025-32976, CVE-2025-32977, CVE-2025-32978); review all when assessing exposure and tuning detections

CVSS provenance

NVD: CVSS v3.1 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CISA: 10.0 CRITICAL