Executive Summary
In January 2026, a security vulnerability (CVE-2025-67813) was identified in Quest KACE Desktop Authority versions up to 11.3.1. The issue involved insecure permissions on named pipes used for inter-process communication, potentially allowing unauthorized local users to access these pipes, leading to unintended interactions or privilege escalation within the application context. Quest addressed this vulnerability by releasing version 11.3.2 on November 3, 2025, which rectified the insecure permissions. Organizations using affected versions are urged to upgrade to the latest release to mitigate this risk. (support.quest.com)
This incident underscores the critical importance of securing inter-process communication channels and implementing proper access controls to prevent unauthorized access and potential privilege escalation.
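A defender-side check for the weakness class described above, added here as an example and not taken from Quest, NetSPI or this page: it parses the SDDL form of a named pipe's security descriptor and reports allow ACEs that give broad principals write-type access. The two SDDL strings are constructed samples, not the descriptor of the Desktop Authority pipe, and collecting the SDDL from a host is assumed to happen elsewhere.

```python
import re

# SDDL trustee aliases that cover broad or unauthenticated populations.
BROAD = {"WD": "Everyone", "AN": "Anonymous Logon", "AU": "Authenticated Users",
         "BU": "BUILTIN\\Users", "BG": "BUILTIN\\Guests", "NU": "Network",
         "IU": "Interactive"}
# SDDL rights aliases mapped to access-mask bits (file/pipe object mapping).
RIGHTS = {"GA": 0x10000000, "GX": 0x20000000, "GW": 0x40000000, "GR": 0x80000000,
          "FA": 0x1F01FF, "FR": 0x120089, "FW": 0x120116, "FX": 0x1200A0,
          "SD": 0x10000, "RC": 0x20000, "WD": 0x40000, "WO": 0x80000,
          "CC": 0x1, "DC": 0x2, "LC": 0x4, "SW": 0x8, "RP": 0x10,
          "WP": 0x20, "DT": 0x40, "LO": 0x80, "CR": 0x100}
# Rights that let a client write to the pipe, create new instances of it,
# or rewrite its DACL/owner: FILE_WRITE_DATA, FILE_CREATE_PIPE_INSTANCE,
# WRITE_DAC, WRITE_OWNER, GENERIC_WRITE, GENERIC_ALL.
RISKY = 0x2 | 0x4 | 0x40000 | 0x80000 | 0x40000000 | 0x10000000

def rights_to_mask(field):
    """Turn an SDDL rights field (hex literal or alias run) into a mask."""
    if field.lower().startswith("0x"):
        return int(field, 16)
    mask = 0
    for i in range(0, len(field), 2):
        mask |= RIGHTS[field[i:i + 2]]  # unknown alias raises KeyError
    return mask

def weak_pipe_aces(sddl):
    """List (trustee, risky_bits) for allow ACEs exposing the pipe broadly."""
    # No DACL at all (NULL DACL) means every caller gets full access.
    if "D:NO_ACCESS_CONTROL" in sddl or "D:" not in sddl:
        return [("Everyone (NULL DACL)", RISKY)]
    dacl = re.search(r"D:(?:P|AR|AI)*((?:\([^)]*\))*)", sddl).group(1)
    findings = []
    for ace in re.findall(r"\(([^)]*)\)", dacl):
        ace_type, _flags, rights, _obj, _inh, trustee = ace.split(";")[:6]
        risky = rights_to_mask(rights) & RISKY
        if ace_type == "A" and trustee in BROAD and risky:
            findings.append((BROAD[trustee], risky))
    return findings

# Constructed descriptors for illustration; not taken from the product.
WEAK = "O:BAG:SYD:(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x12019b;;;WD)(A;;FR;;;AN)"
HARDENED = "O:BAG:SYD:P(A;;FA;;;SY)(A;;FA;;;BA)"

if __name__ == "__main__":
    for name, sddl in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, [(t, hex(m)) for t, m in weak_pipe_aces(sddl)])
```

Only allow ACEs with alias trustees are evaluated; deny ACEs, conditional ACEs and trustees written as full SIDs would need additional handling.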
Why This Matters Now
The CVE-2025-67813 vulnerability highlights the necessity for organizations to promptly apply security patches and review access controls to prevent unauthorized access and potential privilege escalation, especially in widely used enterprise management solutions.
Attack Path Analysis
An attacker exploited insecure permissions on the 'ScriptLogic_Server_NamedPipe_9300' named pipe in Quest KACE Desktop Authority, allowing remote code execution as a local administrator. This access enabled the attacker to escalate privileges, move laterally across the network, establish command and control channels, exfiltrate sensitive data, and potentially disrupt operations.
Kill Chain Progression
Initial Compromise
Description
The attacker exploited insecure permissions on the 'ScriptLogic_Server_NamedPipe_9300' named pipe in Quest KACE Desktop Authority, allowing remote code execution as a local administrator.
Related CVEs
CVE-2025-67813
CVSS 5.3
Quest KACE Desktop Authority through version 11.3.1 has insecure permissions on the named pipes used for inter-process communication, potentially allowing unauthorized local users to access these pipes and escalate privileges.
Affected Products:
Quest KACE Desktop Authority – <= 11.3.1
Exploit Status:
no public exploit
MITRE ATT&CK® Techniques
Valid Accounts
Process Injection
Abuse Elevation Control Mechanism
Use Alternate Authentication Material
Remote Services
Application Layer Protocol
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Limit access to system components and cardholder data to only those individuals whose job requires such access.
Control ID: 7.2.1
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA – ICT Risk Management Framework
Control ID: Article 5
CISA ZTMM 2.0 – Identity and Access Management
Control ID: 3.1
NIS2 Directive – Cybersecurity Risk Management Measures
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Information Technology/IT
Quest Desktop Authority vulnerability enables privilege escalation through named pipes, critically impacting IT infrastructure management systems requiring immediate patching and network segmentation.
Financial Services
Remote code execution via enterprise management tools threatens financial networks, potentially compromising encrypted traffic and violating PCI compliance through lateral movement attacks.
Health Care / Life Sciences
Healthcare IT systems face HIPAA compliance violations through privilege escalation attacks on endpoint management infrastructure, requiring enhanced zero trust segmentation controls.
Government Administration
Government networks vulnerable to domain-wide compromise through desktop management systems, enabling credential theft and lateral movement across sensitive administrative infrastructure.
Sources
- Pipe Dreams: Remote Code Execution via Quest Desktop Authority Named Pipe: https://www.netspi.com/blog/technical-blog/adversary-simulation/pipe-dreams-remote-code-execution-via-quest-desktop-authority-named-pipe/ (Verified)
- Quest KACE Desktop Authority Insecure Named Pipe Permissions (CVE-2025-67813): https://support.quest.com/kb/4381743/quest-kace-desktop-authority-insecure-named-pipe-permissions-cve-2025-67813 (Verified)
- CVE-2025-67813 Detail: https://nvd.nist.gov/vuln/detail/CVE-2025-67813 (Verified)
Cloud Native Security Fabric (CNSF) Mitigations and Controls
Aviatrix Zero Trust CNSF is pertinent to this incident as it could likely limit the attacker's ability to escalate privileges, move laterally, and exfiltrate data by enforcing strict segmentation and identity-aware policies.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: The attacker's ability to execute remote code may have been constrained, potentially reducing the scope of initial system compromise.
Control: Zero Trust Segmentation
Mitigation: The attacker's ability to escalate privileges could have been limited, potentially reducing the impact of unauthorized access.
Control: East-West Traffic Security
Mitigation: The attacker's lateral movement across the network may have been constrained, potentially limiting the spread of the attack.
Control: Multicloud Visibility & Control
Mitigation: The attacker's ability to establish command and control channels may have been limited, potentially reducing persistent access.
Control: Egress Security & Policy Enforcement
Mitigation: The attacker's data exfiltration efforts may have been constrained, potentially reducing data loss.
The attacker's ability to disrupt operations may have been limited, potentially reducing system instability and data loss.
Impact at a Glance
Affected Business Functions
- Endpoint Management
- System Administration
Estimated downtime: N/A
Estimated loss: N/A
Potential unauthorized access to system-level operations and sensitive data on affected endpoints.
Recommended Actions
Key Takeaways & Next Steps
- Apply the latest security patches from Quest to remediate CVE-2025-67813.
- Implement Zero Trust Segmentation to restrict access to critical systems and services.
- Enforce East-West Traffic Security to monitor and control lateral movement within the network.
- Deploy Egress Security & Policy Enforcement to prevent unauthorized data exfiltration.
- Utilize Threat Detection & Anomaly Response tools to identify and respond to suspicious activities promptly.



