ET EXPLOIT Quest KACE Desktop Authority Insecure Named Pipe Credentials Operation (CVE-2025-67813)

SID: 2067419Rev: 33 viewsHistory

Sourceet/open

CreatedFebruary 9, 2026

UpdatedFebruary 10, 2026

Classificationattempted-user

alert smb any any -> $HOME_NET any (msg:"ET EXPLOIT Quest KACE Desktop Authority Insecure Named Pipe Credentials Operation (CVE-2025-67813)"; flow:established,to_server; flowbits:isset,ET.QuestKACE.SMB; content:"SMB"; depth:8; content:"|fe ff 00 fe ff 00 fe ff 16|C|00|r|00|e|00|d|00|e|00|n|00|t|00|i|00|a|00|l|00|s|00|"; fast_pattern; reference:url,www.netspi.com/blog/technical-blog/adversary-simulation/pipe-dreams-remote-code-execution-via-quest-desktop-authority-named-pipe/; reference:cve,2025-67813; classtype:attempted-user; sid:2067419; rev:3; metadata:attack_target Server, created_at 2026_02_09, cve CVE_2025_67813, deployment Perimeter, deployment Internal, former_category INFO, confidence High, signature_severity Major, tag Exploit, updated_at 2026_02_10, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

url	www.netspi.com/blog/technical-blog/adversary-simulation/pipe-dreams-remote-code-execution-via-quest-desktop-authority-named-pipe/
cve	2025-67813

Metadata

attack targetServer

created at2026_02_09

cveCVE-2025-67813

deploymentInternal

former categoryINFO

confidenceHigh

signature severityMajor

tagExploit

updated at2026_02_10

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!