VDB

CVE-2025-32976

CVE-2025-32976 PUBLISHED CVSS 8.800000190734863 HIGH

CVE-2025-32975 CVE-2025-32975 is an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability in the SSO authentication handling mechanism can lead to complete administrative takeover. CVE-2025-32976 A logic flaw exists in the two-factor authentication implementation that allows authenticated users to bypass TOTP-based 2FA requirements. The vulnerability lies in the 2FA validation process and can be exploited to gain elevated access. CVE-2025-32977 CVE-2025-32977 allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity. CVE-2025-32978 CVE-2025-32978 allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing a denial of service. d for the template engine. In the case of RS, exploitation does not require authentication.

EPSS 0.11% · 29.1th percentile

Risk Scores

CVSS 3.1
8.800000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.11%
29.1th percentile

Affected Products

VendorProductVersions
QuestQuest KACE SMA

Exploit Intelligence

…and 1 more exploits

Timeline

  • Jun 24, 2025 CVE Published
  • Jun 24, 2025 PoC Published
  • Jun 24, 2025 PoC Published
  • Jun 24, 2025 PoC Published
  • Jun 24, 2025 PoC Published
  • Jun 25, 2025 EPSS Score
  • Jun 25, 2025 PoC Published
  • Jun 30, 2025 PoC Published
  • Jul 5, 2025 EPSS Score
  • Jul 15, 2025 EPSS Score
  • Jul 25, 2025 EPSS Score
  • Aug 4, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›