A CVSS 10.0 authentication bypass vulnerability CVE-2025-32975 was discovered in Quest KACE SMA, and active attack activity was confirmed starting the week of March 9, 2026. The patch was released in May 2025, but systems that have not been patched are being targeted for attacks.
