216.73.217.22

CVE-2025-32977

· Published 24/06/2025 15:15 · Modified 24/06/2025 15:15

Labels: CVE-2025-32977 2025-06-24CVE-2025-32977CWE-347[email protected]

Essential information

Published
24/06/2025 15:15
Modified
24/06/2025 15:15
Author
Creator
CVSS
9.6 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CVSS metrics

Description

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
quest / kace systems management appliance cpe:2.3:a:quest:kace_systems_management_appliance:13.0.*:*:*:*:*:*:*:*
quest / kace systems management appliance cpe:2.3:a:quest:kace_systems_management_appliance:13.1.*:*:*:*:*:*:*:*
quest / kace systems management appliance cpe:2.3:a:quest:kace_systems_management_appliance:13.2.*:*:*:*:*:*:*:*
quest / kace systems management appliance cpe:2.3:a:quest:kace_systems_management_appliance:14.0.*:*:patch_5:*:*:*:*:*
quest / kace systems management appliance cpe:2.3:a:quest:kace_systems_management_appliance:14.1.*:*:patch_4:*:*:*:*:*

References