CVE-2025-32975 is an improper authentication vulnerability in Quest KACE Systems Management Appliance (SMA) that CISA added to the Known Exploited Vulnerabilities catalog on 2026-04-20. The KEV listing means defenders should treat it as an urgent remediation item, even though the supplied public corpus does not include affected versions, impact depth, or exploit mechanics. CISA’s guidance is to apply vend [truncated]
CVE-2018-11138 is a Quest KACE Systems Management Appliance remote command execution issue that CISA has listed in its Known Exploited Vulnerabilities catalog. The KEV record flags known exploitation and indicates known ransomware campaign use, so this should be treated as an urgent remediation item rather than a routine patch. CISA’s guidance for this entry is to apply updates per the vendor’s instructions.