
CVE-2025-32975: The Open Directory Behind the KACE SMA Breach and 60+ Downstream Victims

ID: ba16f930-9bc4-5c67-bd02-bd7261d988e5

STIX ID: report--ba16f930-9bc4-5c67-bd02-bd7261d988e5

Feed Name: Hunt.io Blog

Threat Score: 92/100

Date Published: 2026-05-13

Date Updated: 2026-05-13


**Executive summary:** Hunt.io captured an exposed C2 directory (216.126.225.156:8000) containing a complete post-exploitation toolkit and a MariaDB dump from a Quest KACE SMA appliance compromised through exploitation of CVE-2025-32975. The breach confirmed active exploitation and exposed HIQ and 60+ client organizations across sensitive sectors. The report includes detailed IOCs, tooling analysis, MITRE mappings, and remediation guidance.
