The Hacker News

Hackers Exploit CVE-2025-32975 (CVSS 10.0) to Hijack Unpatched Quest KACE SMA Systems

CVE-2025-32975 exploited since March 2026 on unpatched KACE SMA systems, enabling admin takeover and payload delivery.
GitHub

quest_kace_systems_management_rce.rb

`\kace.local\client\agent_provisioning\windows_platform` Samba share. Additionally, various agent versions are listed on the KACE website. This module has been tested ...
GitHub

flashchat_upload_exec.rb

versions 6.0.2 and 6.0.4 to 6.0.8. Attackers can abuse the upload feature in order to upload malicious PHP files without authentication which results in arbitrary remote code execution as the web ...