Cybersecurity experts from Arctic Wolf have identified active exploitation of a critical security vulnerability, CVE-2025-32975, affecting Quest KACE Systems Management Appliance (SMA). This flaw has been assigned a maximum CVSS score of 10.0 and has been observed in customer environments since March 9, 2026, particularly targeting unpatched systems that are exposed to the internet. The exploitation of this vulnerability highlights the urgent need for organizations to apply patches and enhance their security measures promptly to mitigate risks associated with this threat.
For businesses utilizing Quest KACE SMA, the implications are profound. Organizations must prioritize the immediate application of security updates to address this vulnerability and reassess their cybersecurity posture to defend against such high-severity threats. Failure to do so could lead to unauthorized access and control over critical systems, resulting in potential data breaches and operational disruptions. This incident underscores the importance of proactive vulnerability management and the need for continuous monitoring of system exposures, particularly in an era where cyber threats are evolving rapidly and becoming increasingly sophisticated.
---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/03/hackers-exploit-cve-2025-32975-cvss-100.html)*