ГлавнаяУязвимости → CVE-2025-32978
7.5высокая

CVE-2025-32978

→ есть в БДУ: BDU:2026-00088 (на русском)
Описание (на английском; русское — в БДУ выше)

Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service.

CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://seclists.org/fulldisclosure/2025/Jun/25https://seralys.com/research/CVE-2025-32978.txthttps://support.quest.com/kb/4379499/quest-response-to-kace-sma-vulnerabilities-cve-2025-32975-cve-2025-32976-cve-2025-32977-cve-2025-32978http://seclists.org/fulldisclosure/2025/Jun/25