Critical Remote Code Execution in Quest KACE Systems Management Appliance (CVE‑2025‑32975) Enables Full System Hijack
What It Is — A critical remote‑code‑execution flaw (CVSS 10.0) in Quest KACE Systems Management Appliance (SMA) permits an unauthenticated attacker to execute arbitrary code and seize complete control of the appliance.
Exploitability — Active exploitation confirmed in the wild since the week of 9 Mar 2026; proof‑of‑concept publicly disclosed; unpatched, internet‑exposed SMA devices are being targeted.
Affected Products — Quest KACE Systems Management Appliance (all versions prior to the emergency patch released 15 Mar 2026).
TPRM Impact — Compromise of a third‑party endpoint‑management platform can cascade to every managed endpoint, exposing downstream customers, disrupting service delivery, and creating a supply‑chain foothold for further attacks.
Recommended Actions — Apply the vendor’s emergency patch immediately; block all inbound traffic to SMA ports from the internet; conduct a rapid inventory of all KACE deployments and verify patch status; ingest Arctic Wolf IOCs into your detection stack; launch an incident‑response investigation if hijack indicators appear.
Source: The Hacker News