Quest KACE SMA — CVE-2025-32975 Unauthenticated RCE

Quest KACE SMA — CVE-2025-32975 Unauthenticated RCE

Quest KACE SMA: CVSS 10.0 Unauthenticated RCE Under Active Exploitation

Confidence: High

A vulnerability in the Quest KACE Systems Management Appliance (SMA), tracked as CVE-2025-32975, allows for full administrative takeover without authentication. This flaw is currently being exploited in the wild to deploy persistent backdoors and ransomware within enterprise managed environments. Given the SMA's role in endpoint management, any organization using this appliance is at maximum risk of total network compromise. Organizations are advised to patch immediately or isolate unpatched instances from the public internet.

DarkSword: iOS Kernel Exploit Added to CISA KEV

Confidence: High

CISA has added a new iOS zero-day, tracked as CVE-2026-20700 (CVSS 8.8), to its Known Exploited Vulnerabilities catalogue. Known as the "DarkSword" exploit chain, it leverages a kernel vulnerability to achieve privilege escalation via a malicious website. This affects iOS and iPadOS versions through 18.x. The highly targeted nature of these attacks suggests use by sophisticated state-sponsored actors or advanced mercenary spyware vendors. Immediate updates to iOS 18.4 (or latest) are required to neutralize this threat.

"The Gentlemen" Strategic Attack on Economia (Czech Media)

Confidence: High

The ransomware group "The Gentlemen" has confirmed a disruptive attack on Economia, one of the Czech Republic's largest media houses. This follow-on to their previous attack on nuclear supply chain entity Kabelovna Kabex demonstrates a deliberate pattern of targeting Czech national infrastructure and information systems. The group's operational sophistication suggests a shift toward strategic disruption over simple data theft.

Companies House (UK) WebFiling Remediation

Confidence: Medium

UK Companies House has confirmed the final remediation of a critical vulnerability in its WebFiling service. Previously assessed as low-impact, newer findings suggested the flaw could have allowed unauthorized corporate filings. The service was vulnerable since late 2025, but a patch has now been successfully deployed as of March 2026.

Why This Matters

The combination of a CVSS 10.0 enterprise infrastructure exploit (Quest KACE) and a targeted mobile zero-day (DarkSword) significantly expands the active attack surface for enterprise and executive targets. Simultaneously, the targeting of Czech media and nuclear supply chains by "The Gentlemen" indicates a calculated campaign against national resilience within the EU.

• Recommended Actions
• Patch Quest KACE SMA (CVE-2025-32975) immediately; isolate from the public internet if patching is delayed.
• Mandate iOS/iPadOS updates to the latest version across all managed mobile devices to mitigate CVE-2026-20700.
• Continue Chrome zero-day patching (CVE-2026-3909/3910) to meet the March 27 CISA KEV deadline.
• Audit Czech/EU supply chain partners for potential compromise indicators associated with "The Gentlemen" activity.

All findings grounded in A13E intelligence sweeps through 11:55 UTC 23 March 2026.