Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service.
History

Tue, 24 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-306
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 24 Jun 2025 14:45:00 +0000

Type Values Removed Values Added
Description Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2025-06-24T00:00:00.000Z

Updated: 2025-06-24T15:01:02.605Z

Reserved: 2025-04-15T00:00:00.000Z

Link: CVE-2025-32978

cve-icon Vulnrichment

Updated: 2025-06-24T15:00:17.401Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-06-24T15:15:24.260

Modified: 2025-06-26T18:58:14.280

Link: CVE-2025-32978

cve-icon Redhat

No data.