Hackers target unpatched Quest KACE SMA systems through critical CVE-2025-32975 flaw

Threat actors are now targeting unpatched Quest KACE Systems Management Appliance, or SMA, systems by abusing CVE-2025-32975, a critical authentication bypass flaw with a CVSS score of 10.0. Arctic Wolf said it observed malicious activity starting the week of March 9, 2026, in customer environments, and the activity matched exploitation of internet-exposed SMA instances that […] The post Hackers target unpatched Quest KACE SMA systems through critical CVE-2025-32975 flaw appeared first on VPN Central.