CNNVD-202506-3090 Information
CNNVD ID
CNNVD-202506-3090
Related CVE
- CNNVD Published: 2025-06-24
Description (Chinese)
Quest Software Quest KACE Systems Management Appliance是美国Quest Software公司的一款IT资产管理设备。 Quest KACE Systems Management Appliance存在安全漏洞,该漏洞源于备份文件上传验证不足,可能导致上传恶意备份文件破坏系统完整性。以下版本受到影响:13.0.385之前版本、13.1.81之前版本、13.2.183之前版本、14.0.341之前版本和14.1.101之前版本。
Description (English)
Quest Software Quest KACE Systems Management Application is an IT asset management facility of the United States company Quest Software. There is a security loophole in Quest KACE Systems Management Application, which stems from inadequate upload verification of back-up files, which may result in the uploading of malicious backup files undermining the integrity of the system. The following versions were affected: pre-13.0.385, pre-1.3.81, pre-13.2.183, pre-14.0341 and pre-14.1.101.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Quest Software
Published
2025-06-24
Last Modified
2026-02-24
References
https://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978 https://seralys.com/research/CVE-2025-32977.txt https://seclists.org/fulldisclosure/2025/Jun/24 https://access.redhat.com/security/cve/cve-2025-32977
Patch
https://support.quest.com/kace-systems-management-appliance/14.1/download-new-releases
Share on: