CVE-2025-67813 identifies a security vulnerability in Quest KACE Desktop Authority versions up to 11.3.1, where the named pipes used for inter-process communication (IPC) have insecure permissions. Named pipes are a Windows IPC mechanism allowing processes to communicate, often used by system management tools like Quest KACE Desktop Authority to coordinate tasks and exchange sensitive information. Insecure permissions on these pipes mean that unauthorized local users or processes could potentially access or manipulate the data transmitted through these channels. This could lead to privilege escalation, unauthorized command execution, or leakage of sensitive configuration or credential information. The vulnerability does not require remote network access but does require local access to the affected system, which could be achieved through compromised user accounts or insider threats. No CVSS score has been assigned yet, and no public exploits are known, but the issue is significant due to the sensitive nature of IPC in endpoint management software. The lack of patch links suggests that a fix may not yet be publicly available, emphasizing the need for immediate mitigation steps such as permission audits and restricting local user privileges. Organizations relying on Quest KACE Desktop Authority for endpoint management should be vigilant, as exploitation could undermine the integrity and confidentiality of their IT management operations.

For European organizations, this vulnerability could compromise the confidentiality and integrity of endpoint management operations. Unauthorized local access to named pipes may allow attackers to escalate privileges, execute unauthorized commands, or intercept sensitive data such as credentials or configuration details. This could lead to broader network compromise, disruption of IT management workflows, and potential data breaches. Organizations in sectors with strict regulatory requirements (e.g., finance, healthcare, critical infrastructure) could face compliance violations and reputational damage if exploited. The impact is particularly concerning for enterprises with large deployments of Quest KACE Desktop Authority, as a single compromised endpoint could serve as a foothold for lateral movement within the network. Although remote exploitation is not possible, the threat from insider attackers or malware that gains local access remains significant. The absence of known exploits provides a window for proactive mitigation, but the risk remains high due to the critical role of the affected software in managing enterprise endpoints.

1. Immediately audit and tighten the permissions on named pipes used by Quest KACE Desktop Authority to ensure only authorized system processes and administrators have access. 2. Restrict local user privileges to the minimum necessary to prevent unauthorized access to IPC mechanisms. 3. Monitor local system logs and IPC activity for unusual access patterns or unauthorized attempts to interact with named pipes. 4. Implement endpoint detection and response (EDR) solutions capable of detecting suspicious local process interactions. 5. Segregate management consoles and servers from general user workstations to limit exposure. 6. Stay informed about official patches or updates from Quest and apply them promptly once available. 7. Conduct regular security awareness training to reduce insider threat risks. 8. Consider application whitelisting to prevent unauthorized processes from running and accessing IPC channels. 9. Use host-based firewalls and access control lists to limit local network communication where feasible. 10. Prepare incident response plans that include scenarios involving local privilege escalation and IPC exploitation.