Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

2026-03-23

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

Threat actors are actively exploiting CVE-2025-32975 (CVSS 10.0), an authentication bypass flaw in Quest KACE Systems Management Appliance (SMA), to hijack administrative accounts.

•Arctic Wolf observed malicious activity starting March 9, 2026, targeting unpatched SMA systems exposed to the internet.
•The vulnerability allows attackers to impersonate legitimate users without credentials, enabling full administrative account takeover.
•Attackers delivered Base64-encoded payloads via curl from an external server (216.126.225[.]156) and created additional admin accounts using runkbot.exe.
•Post-exploitation activity included credential harvesting with Mimikatz, RDP access to backup infrastructure (Veeam, Veritas) and domain controllers, and Windows Registry modifications for persistence.

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

Why Third-Party Risk Is the Biggest Gap in Your Clients' Security Posture